Description

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.

Remediation

References

CVE-2012-0782

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5381)

WordPress Plugin Content Audit Multiple Vulnerabilities (1.9.1)

WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Request Forgery (1.9.18)

WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.8.1)

Severity

Medium

Classification

CVE-2012-0782 CWE-707

Tags

Missing Update Known Vulnerabilities