Lucene search

MitreCVELIST:CVE-2012-2403

HistoryApr 21, 2012 - 11:00 p.m.

CVE-2012-2403

2012-04-2123:00:00

mitre

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.4%

JSON

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

References

core.trac.wordpress.org/changeset/20493/branches/3.3/wp-includes/capabilities.php

core.trac.wordpress.org/changeset/20493/branches/3.3/wp-includes/formatting.php

osvdb.org/81463

secunia.com/advisories/48957

secunia.com/advisories/49138

wordpress.org/news/2012/04/wordpress-3-3-2/

www.debian.org/security/2012/dsa-2470

www.securityfocus.com/bid/53192

exchange.xforce.ibmcloud.com/vulnerabilities/75093

exchange.xforce.ibmcloud.com/vulnerabilities/75206