397677 – (CVE-2012-0287) <www-apps/wordpress-3.3.1: XSS flaw (CVE-2012-0287)

Bug 397677 (CVE-2012-0287) - <www-apps/wordpress-3.3.1: XSS flaw (CVE-2012-0287)

Summary: <www-apps/wordpress-3.3.1: XSS flaw (CVE-2012-0287)

Status:	RESOLVED FIXED

Alias:	CVE-2012-0287

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2012-01-04 19:32 UTC by Agostino Sarubbo
Modified:	2012-01-06 14:25 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2012-01-04 19:32:28 UTC

From Red Hat bugzilla at $URL:

Description:
An XSS flaw was reported [1] against Wordpress 3.3.  Upstream has released
3.3.1 [2] to correct this flaw.

[1] http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
[2] https://wordpress.org/news/2012/01/wordpress-3-3-1/

Solution:
update to 3.3.1

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2012-01-06 11:50:27 UTC

CVE-2012-0287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0287):
  Cross-site scripting (XSS) vulnerability in wp-comments-post.php in
  WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote
  attackers to inject arbitrary web script or HTML via the query string in a
  POST operation that is not properly handled by the "Duplicate comment
  detected" feature.

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2012-01-06 14:25:01 UTC

Thanks for the bump, radhermit. Closing noglsa.