CVE-2012-0782

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
wordpresswordpress
𝑥
≤ 3.3.1
wordpresswordpress
0.7
wordpresswordpress
0.71
wordpresswordpress
0.72
wordpresswordpress
0.711
wordpresswordpress
1.0
wordpresswordpress
1.0.1
wordpresswordpress
1.0.2
wordpresswordpress
1.2
wordpresswordpress
1.2.1
wordpresswordpress
1.2.2
wordpresswordpress
1.5
wordpresswordpress
1.5.1
wordpresswordpress
1.5.1.2
wordpresswordpress
1.5.1.3
wordpresswordpress
1.5.2
wordpresswordpress
2.0
wordpresswordpress
2.0.1
wordpresswordpress
2.0.2
wordpresswordpress
2.0.3
wordpresswordpress
2.0.4
wordpresswordpress
2.0.5
wordpresswordpress
2.0.6
wordpresswordpress
2.0.7
wordpresswordpress
2.0.8
wordpresswordpress
2.0.9
wordpresswordpress
2.0.10
wordpresswordpress
2.0.11
wordpresswordpress
2.1
wordpresswordpress
2.1.1
wordpresswordpress
2.1.2
wordpresswordpress
2.1.3
wordpresswordpress
2.2
wordpresswordpress
2.2.1
wordpresswordpress
2.2.2
wordpresswordpress
2.2.3
wordpresswordpress
2.3
wordpresswordpress
2.3.1
wordpresswordpress
2.3.2
wordpresswordpress
2.3.3
wordpresswordpress
2.5
wordpresswordpress
2.5.1
wordpresswordpress
2.6
wordpresswordpress
2.6.1
wordpresswordpress
2.6.2
wordpresswordpress
2.6.3
wordpresswordpress
2.6.5
wordpresswordpress
2.7
wordpresswordpress
2.7.1
wordpresswordpress
2.8
wordpresswordpress
2.8.1
wordpresswordpress
2.8.2
wordpresswordpress
2.8.3
wordpresswordpress
2.8.4
wordpresswordpress
2.8.5
wordpresswordpress
2.8.6
wordpresswordpress
2.9
wordpresswordpress
2.9.1
wordpresswordpress
2.9.2
wordpresswordpress
3.0
wordpresswordpress
3.0.1
wordpresswordpress
3.0.2
wordpresswordpress
3.0.3
wordpresswordpress
3.0.4
wordpresswordpress
3.0.5
wordpresswordpress
3.0.6
wordpresswordpress
3.1
wordpresswordpress
3.1.1
wordpresswordpress
3.1.2
wordpresswordpress
3.1.3
wordpresswordpress
3.1.4
wordpresswordpress
3.2.1
wordpresswordpress
3.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
artful
ignored
bionic
not-affected
cosmic
ignored
disco
ignored
eoan
ignored
focal
not-affected
groovy
ignored
hardy
ignored
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
ignored
lucid
ignored
lunar
ignored
mantic
ignored
maverick
ignored
natty
ignored
noble
not-affected
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html
http://www.exploit-db.com/exploits/18417
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html
http://www.exploit-db.com/exploits/18417
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt