XSS in Swfupload_project Swfupload

CVE-2012-3414

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML vi…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.091 (94.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2012-3414?
CVE-2012-3414 is a vulnerability in Swfupload_project Swfupload, classified under Cross-site Scripting. Published 2013-07-19.
Is CVE-2012-3414 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.