SecuritySpace - CVE-2012-0782

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2012-0782

Description: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-0782
Bugtraq: 20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html
http://www.exploit-db.com/exploits/18417
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt

CVE ID:	CVE-2012-0782
Description:	DISPUTED Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0782 Bugtraq: 20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html http://www.exploit-db.com/exploits/18417 https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt