10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
86.5%
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | wordpress | < 3.3.2+dfsg-1 | wordpress_3.3.2+dfsg-1_all.deb |
Debian | 11 | all | wordpress | < 3.3.2+dfsg-1 | wordpress_3.3.2+dfsg-1_all.deb |
Debian | 10 | all | wordpress | < 3.3.2+dfsg-1 | wordpress_3.3.2+dfsg-1_all.deb |
Debian | 999 | all | wordpress | < 3.3.2+dfsg-1 | wordpress_3.3.2+dfsg-1_all.deb |
Debian | 13 | all | wordpress | < 3.3.2+dfsg-1 | wordpress_3.3.2+dfsg-1_all.deb |