CVE-2012-3414

NONECVSS 0.0

0.0

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

🔗 References (16)

secalert@redhathttp://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
secalert@redhathttp://code.google.com/p/swfupload/issues/detail?id=376
secalert@redhathttp://make.wordpress.org/core/2013/06/21/secure-swfupload/
secalert@redhathttp://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/07/16/4
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/07/17/12
secalert@redhathttp://www.securityfocus.com/bid/54245
secalert@redhathttps://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
af854a3a-2127-422b-91ae-364da2661108http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/swfupload/issues/detail?id=376
af854a3a-2127-422b-91ae-364da2661108http://make.wordpress.org/core/2013/06/21/secure-swfupload/
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/07/16/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/07/17/12
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54245

Is Your Infrastructure Affected by CVE-2012-3414?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3414

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3414?