CVE-2012-2399
CVE-2012-2399 is an XSS vulnerability in swfupload.swf (SWFUpload 2.2.0.1 and earlier), used in WordPress before 3.5.2 and TinyMCE Image Manager 1.1 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter. The connected documents do not pr...