Description
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Shipping Validation for WooCommerce Cross-Site Scripting (1.0.0)
Moodle CVE-2022-30598 Vulnerability (CVE-2022-30598)
WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.5.9)
WordPress Plugin smart Archive Page Remove Unspecified Vulnerability (3)