Lucene search

Veracode Vulnerability DatabaseVERACODE:7821

HistoryNov 16, 2018 - 6:34 a.m.

Same Origin Policy Bypass

2018-11-1606:34:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Plupload is vulnerable to same origin policy bypass. Overly permissive Flash allows scripts from any domain to be run, allowing remote attackers to bypass the same origin policy via crafted swf content.

CPENameOperatorVersion
pluploadle1.5.3

CPE	Name	Operator	Version
	plupload	le	1.5.3

References

core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487

core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487

osvdb.org/81461

secunia.com/advisories/49138

wordpress.org/news/2012/04/wordpress-3-3-2/

www.debian.org/security/2012/dsa-2470

www.plupload.com/punbb/viewtopic.php?id=1685

www.securityfocus.com/bid/53192

exchange.xforce.ibmcloud.com/vulnerabilities/75208

github.com/moxiecode/plupload/commit/1fc3a509d74819d1b42b1674d97b34f6b04b7015

nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:7821