5.3 Medium
AI Score
Confidence
High
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
86.4%
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503
jvn.jp/en/jp/JVN25280162/index.html
jvndb.jvn.jp/jvndb/JVNDB-2012-002110
make.wordpress.org/core/2013/06/21/secure-swfupload/
osvdb.org/81459
packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html
packetstormsecurity.com/files/122399/tinymce11-xss.txt
seclists.org/fulldisclosure/2013/Mar/110
secunia.com/advisories/49138
wordpress.org/news/2012/04/wordpress-3-3-2/
www.debian.org/security/2012/dsa-2470
www.openwall.com/lists/oss-security/2013/07/18/13
www.osvdb.org/91134
www.securityfocus.com/bid/53192
exchange.xforce.ibmcloud.com/vulnerabilities/75210