CVE-2012-0287

Published: 06 January 2012

Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.

Priority

Medium

Status

Package Release Status
wordpress
Launchpad, Ubuntu, Debian
Upstream
Released (3.3.1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.3.2+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin) Not vulnerable
(3.3.1+dfsg-1)