Description

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

CVE-2012-2404

Related Vulnerabilities

PHP Other Vulnerability (CVE-2005-3054)

XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926)

Oracle Application Server CVE-2008-0343 Vulnerability (CVE-2008-0343)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.2.2)

WordPress Plugin Advanced Ads-Ad Manager & AdSense Cross-Site Scripting (1.17.3)

Severity

Medium

Classification

CVE-2012-2404 CWE-707

Tags

Missing Update Known Vulnerabilities