CVE-2012-6633

WordPress < 3.3.3 - Cross-Site Scripting via Editable Slug Field

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://core.trac.wordpress.org/changeset/21083
Product x_refsource_confirm
http://codex.wordpress.org/Version_3.3.3

Scores

EPSS 0.0039
EPSS Percentile 60.3%

Details

CWE
CWE-79
Status published
Products (17)
wordpress/wordpress 3.0
wordpress/wordpress 3.0.1
wordpress/wordpress 3.0.2
wordpress/wordpress 3.0.3
wordpress/wordpress 3.0.4
wordpress/wordpress 3.0.5
wordpress/wordpress 3.0.6
wordpress/wordpress 3.1
wordpress/wordpress 3.1.1
wordpress/wordpress 3.1.2
... and 7 more
Published Jan 21, 2014
Tracked Since Feb 18, 2026