XSS in Swfupload_project Swfupload
CVE-2012-3414
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML vi…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.091 (94.7th percentile) — read the EPSS interpretation.
Affected products
- Swfupload_project Swfupload — versions 1.0.2, 2.0.2, 2.1.0
- Tinymce Image_manager — versions 1.1
- Wordpress — versions 3.0, 3.0.1, 3.0.2
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (Exploit, x_refsource_MISC)
- secalert@redhat.com (Exploit, x_refsource_MISC)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (Exploit, x_refsource_MISC)
Frequently asked questions
- What is CVE-2012-3414?
- CVE-2012-3414 is a vulnerability in Swfupload_project Swfupload, classified under Cross-site Scripting. Published 2013-07-19.
- Is CVE-2012-3414 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.