Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2012-2399

🗓️ 21 Apr 2012 23:01:55Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 111 Views🌐 WEB

Cross-site scripting vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, allowing remote attackers to inject arbitrary web script or HTML via the buttonText parameter

Show more
Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Cvelist		CVE-2012-2399
21 Apr 201223:00
cvelist
Cvelist		CVE-2012-3414
19 Jul 201310:00
cvelist
Prion		Cross site scripting
21 Apr 201223:55
prion
Prion		Cross site scripting
19 Jul 201314:36
prion
Prion		Design/Logic Flaw
30 Jun 202213:15
prion
Prion		Design/Logic Flaw
27 Apr 201404:32
prion
Packet Storm		WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution
24 Jan 201400:00
packetstorm
Packet Storm		WordPress 3.3.1 swfupload.swf Cross Site Scripting
9 Nov 201200:00
packetstorm
Packet Storm		SWF Upload Cross Site Scripting
13 Nov 201200:00
packetstorm
Packet Storm		Dotclear 2.4.4 Cross Site Scripting / Content Spoofing
13 Apr 201300:00
packetstorm
Rows per page
Nvd
Node
wordpresswordpressRange3.3.1
OR
wordpresswordpressMatch0.71
OR
wordpresswordpressMatch1.0
OR
wordpresswordpressMatch1.0.1
OR
wordpresswordpressMatch1.0.2
OR
wordpresswordpressMatch1.1.1
OR
wordpresswordpressMatch1.2
OR
wordpresswordpressMatch1.2.1
OR
wordpresswordpressMatch1.2.2
OR
wordpresswordpressMatch1.2.3
OR
wordpresswordpressMatch1.2.4
OR
wordpresswordpressMatch1.2.5
OR
wordpresswordpressMatch1.2.5a
OR
wordpresswordpressMatch1.3
OR
wordpresswordpressMatch1.3.2
OR
wordpresswordpressMatch1.3.3
OR
wordpresswordpressMatch1.5
OR
wordpresswordpressMatch1.5.1
OR
wordpresswordpressMatch1.5.1.1
OR
wordpresswordpressMatch1.5.1.2
OR
wordpresswordpressMatch1.5.1.3
OR
wordpresswordpressMatch1.5.2
OR
wordpresswordpressMatch2.0
OR
wordpresswordpressMatch2.0.1
OR
wordpresswordpressMatch2.0.2
OR
wordpresswordpressMatch2.0.4
OR
wordpresswordpressMatch2.0.5
OR
wordpresswordpressMatch2.0.6
OR
wordpresswordpressMatch2.0.7
OR
wordpresswordpressMatch2.0.8
OR
wordpresswordpressMatch2.0.9
OR
wordpresswordpressMatch2.0.10
OR
wordpresswordpressMatch2.0.11
OR
wordpresswordpressMatch2.1
OR
wordpresswordpressMatch2.1.1
OR
wordpresswordpressMatch2.1.2
OR
wordpresswordpressMatch2.1.3
OR
wordpresswordpressMatch2.2
OR
wordpresswordpressMatch2.2.1
OR
wordpresswordpressMatch2.2.2
OR
wordpresswordpressMatch2.2.3
OR
wordpresswordpressMatch2.3
OR
wordpresswordpressMatch2.3.1
OR
wordpresswordpressMatch2.3.2
OR
wordpresswordpressMatch2.3.3
OR
wordpresswordpressMatch2.5
OR
wordpresswordpressMatch2.5.1
OR
wordpresswordpressMatch2.6
OR
wordpresswordpressMatch2.6.1
OR
wordpresswordpressMatch2.6.2
OR
wordpresswordpressMatch2.6.3
OR
wordpresswordpressMatch2.6.5
OR
wordpresswordpressMatch2.7
OR
wordpresswordpressMatch2.7.1
OR
wordpresswordpressMatch2.8
OR
wordpresswordpressMatch2.8.1
OR
wordpresswordpressMatch2.8.2
OR
wordpresswordpressMatch2.8.3
OR
wordpresswordpressMatch2.8.4
OR
wordpresswordpressMatch2.8.4a
OR
wordpresswordpressMatch2.8.5
OR
wordpresswordpressMatch2.8.5.1
OR
wordpresswordpressMatch2.8.5.2
OR
wordpresswordpressMatch2.8.6
OR
wordpresswordpressMatch2.9
OR
wordpresswordpressMatch2.9.1
OR
wordpresswordpressMatch2.9.1.1
OR
wordpresswordpressMatch2.9.2
OR
wordpresswordpressMatch3.0
OR
wordpresswordpressMatch3.0.1
OR
wordpresswordpressMatch3.0.2
OR
wordpresswordpressMatch3.0.3
OR
wordpresswordpressMatch3.0.4
OR
wordpresswordpressMatch3.0.5
OR
wordpresswordpressMatch3.0.6
OR
wordpresswordpressMatch3.1
OR
wordpresswordpressMatch3.1.1
OR
wordpresswordpressMatch3.1.2
OR
wordpresswordpressMatch3.1.3
OR
wordpresswordpressMatch3.3
ParameterPositionPathDescriptionCWE
imagebinary/wp-e-commerce/wpsc-admin/includes/save-data.functions.phpFile upload vulnerability that allows remote attackers to upload arbitrary files.CWE-616CWE-434
wpsc_actionquery param/wp-e-commerce/wpsc-admin/ajax.phpRemote code execution vulnerability due to improper handling of user input.CWE-94
cquery param/wp-e-commerce/wpsc-admin/display-sales-logs.phpRemote code execution vulnerability due to improper handling of user input.CWE-94
image_namequery param/wp-e-commerce/wpsc-includes/misc.functions.phpLocal File Inclusion vulnerability allowing attackers to include arbitrary files.CWE-98
movieNamequery param/wp-e-commerce/wpsc-core/js/swfupload/swfupload.swfCross-Site Scripting (XSS) vulnerability allowing injection of arbitrary JavaScript.CWE-352
buttonImageURLquery param/wp-e-commerce/wpsc-core/js/swfupload/swfupload.swfCross-Site Scripting (XSS) vulnerability allowing injection of arbitrary JavaScript.CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
21 Apr 2012 23:55Current
5.4Medium risk
Vulners AI Score5.4
CVSS210
EPSS0.01243
cve-2012-2399cross-site scriptingxssvulnerabilityswfupload.swfswfupload 2.2.0.1wordpresstinymce image manager
111
.json
Report