QwikSec

Security Database

CVE

CWE

Training

CVE-2012-0287

Published: Jan 6, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html

x_refsource_MISC

vdb-entry

x_refsource_BID

https://wordpress.org/news/2012/01/wordpress-3-3-1/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.