Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 397677 (CVE-2012-0287) - <www-apps/wordpress-3.3.1: XSS flaw (CVE-2012-0287)
Summary: <www-apps/wordpress-3.3.1: XSS flaw (CVE-2012-0287)
Alias: CVE-2012-0287
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Depends on:
Reported: 2012-01-04 19:32 UTC by Agostino Sarubbo
Modified: 2012-01-06 14:25 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-01-04 19:32:28 UTC
From Red Hat bugzilla at $URL:

An XSS flaw was reported [1] against Wordpress 3.3.  Upstream has released
3.3.1 [2] to correct this flaw.


update to 3.3.1
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-01-06 11:50:27 UTC
CVE-2012-0287 (
  Cross-site scripting (XSS) vulnerability in wp-comments-post.php in
  WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote
  attackers to inject arbitrary web script or HTML via the query string in a
  POST operation that is not properly handled by the "Duplicate comment
  detected" feature.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-01-06 14:25:01 UTC
Thanks for the bump, radhermit. Closing noglsa.