CVE-2012-0782 in WordPressinfo

Zusammenfassung (Englisch)

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservieren

18.01.2012

Veröffentlichung

30.01.2012

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
60054WordPress Installation Cross Site Scripting79Proof-of-ConceptOffizieller FixCVE-2012-0782

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!