Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

Remediation

References

CVE-2012-2399

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2015-7804)

Ruby on Rails Data Processing Errors Vulnerability (CVE-2014-3916)

WordPress Plugin Personalized WooCommerce Cart Page Cross-Site Request Forgery (2.4)

WordPress Plugin Billplz for WooCommerce Unspecified Vulnerability (3.10)

WordPress Plugin Chronoforms Cross-Site Request Forgery (7.0.9)

Severity

Critical

Classification

CVE-2012-2399

Tags

Missing Update Known Vulnerabilities