Description
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.
Remediation
References
Related Vulnerabilities
Java Unspesificed Vulnerability (CVE-2018-3136)
WordPress Plugin Contextual Related Posts Multiple Vulnerabilities (3.3.1)
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19594)
WebLogic CVE-2017-10137 Vulnerability (CVE-2017-10137)
WordPress Plugin WordPress Slider Block Gutenslider Cross-Site Scripting (5.1.5)