Description

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.

Remediation

References

CVE-2012-0782

Related Vulnerabilities

Java Unspesificed Vulnerability (CVE-2018-3136)

WordPress Plugin Contextual Related Posts Multiple Vulnerabilities (3.3.1)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19594)

WebLogic CVE-2017-10137 Vulnerability (CVE-2017-10137)

WordPress Plugin WordPress Slider Block Gutenslider Cross-Site Scripting (5.1.5)

Severity

Medium

Classification

CVE-2012-0782 CWE-707

Tags

Missing Update Known Vulnerabilities