Description
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6113)
WordPress Plugin Advanced Dynamic Pricing for WooCommerce Multiple Vulnerabilities (4.1.5)
Oracle JRE CVE-2013-5805 Vulnerability (CVE-2013-5805)
Apache Tomcat Session Fixation Vulnerability (CVE-2025-55668)