Lucene search

[email protected]CVE-2012-0287

HistoryJan 06, 2012 - 4:01 a.m.

CVE-2012-0287

2012-01-0604:01:26

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-0287

cross-site scripting

xss

wordpress

internet explorer

nvd

security vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the “Duplicate comment detected” feature.

Affected configurations

NVD

Node

wordpresswordpressMatch3.3

AND

microsoftinternet_explorer

CPENameOperatorVersion
wordpress:wordpresswordpresseq3.3

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	eq	3.3

References

oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html

www.securityfocus.com/bid/51237

www.securitytracker.com/id?1026542

wordpress.org/news/2012/01/wordpress-3-3-1/

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2012-0287

openvas4 cvelist1 nvd2 nessus3 prion1 debiancve1 patchstack1 fedora2 ubuntucve1 cve1