CVE-2012-0287

EUVD-2012-0323
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
wordpresswordpress
3.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
lenny
not-affected
sid
6.6.1+dfsg1-1
fixed
squeeze
not-affected
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
http://www.securityfocus.com/bid/51237
http://www.securitytracker.com/id?1026542
https://wordpress.org/news/2012/01/wordpress-3-3-1/
http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
http://www.securityfocus.com/bid/51237
http://www.securitytracker.com/id?1026542
https://wordpress.org/news/2012/01/wordpress-3-3-1/