15 matches found
CVE-2020-23371
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter...
comalisd.org XSS vulnerability
Open Bug Bounty ID: OBB-549782
Description| Value
---|---
Affected Website:| comalisd.org
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
rockwoodschools.org XSS vulnerability
Open Bug Bounty ID: OBB-549780
Description| Value
---|---
Affected Website:| rockwoodschools.org
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
Nextcloud: http://www.nextcloud.com/wp-includes/js/swfupload/swfupload.swf allows open redirect / site defacement
Good day, I truly hope it treats you well on your side of the screen : I have found that your website uses the flash file: swfupload.swf to allow your users to upload files. The tl;dr version of this bug report is it allows an open redirect to any site a non kind person may want to exploit or...
Imgur: Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event
Hi, This was a fun one. So I noticed you're using swfupload.swf which is hosted on the main domain, imgur.com. This swfupload.swf has some settings you can use to modify the button on the upload. You can actually insert HTML into the Flash, but the button event that you select yourself using anoth...
WordPress NextGEN Gallery Plugin <= 1.9.7 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability in swfupload.swf. Solution: Upgrade the plugin...
NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a swfupload.swf Cross-Site Scripting (XSS) security vulnerability...
Mavenlink: Flash XSS on swfupload.swf showing at app.mavenlink.com
Hello Security, I'd like to report an XSS that affects all users. This flash XSS can be very dangerous. Vulnerable URL: https://app.mavenlink.com/flash/swfupload.swf?movieName=";catcheif!self.aself.a=!alertdocument.domain;// I attach image of Proof: Any problem reproducing this bug please let me know...
Startbbs /swfupload.swf cross-site scripting vulnerability
No description provided by source...
wordpress 3.3.1 /wp-includes/js/swfupload/swfupload.swf buttontText cross-site scripting vulnerability
No description provided by source...
Redtube Blog Cross Site Scripting
Title : Cross Site Scripting in RedTube Official Blog. Author : Ryuzaki Lawlet Blog : justryuz.blogspot.com / www.justryuz.com E-mail : [email protected] / [email protected] / [email protected] Date: June 6/2013 4.44 pm Vendor: http://wordpress.org/plugins/nextgen-gallery/ Type : Web...
wordpress 3.3.1 /wp-includes/js/swfupload/swfupload.swf cross-site scripting vulnerability
An XSS vulnerability exists in /wp-includes/js/swfupload/swfupload.swf in WordPress 3.3.1 and earlier. wordpress = 3.3.1...
Dotclear XSS Vulnerabilities
These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've...
WordPress 3.3.1 swfupload.swf Cross Site Scripting
Hello list! I will draw your attention to XSS vulnerability in swfupload in WordPress. In April there was announced Cross-Site Scripting vulnerability in swfupload.swf in WordPress CVE-2012-3414. It was fixed in WordPress 3.3.2. At that time there was no detailed information about it. Last week...
CVE-2012-2399
CVE-2012-2399 is an XSS vulnerability in swfupload.swf (SWFUpload 2.2.0.1 and earlier), used in WordPress before 3.5.2 and TinyMCE Image Manager 1.1 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter. The connected documents do not pr...