Description
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
Remediation
References
Related Vulnerabilities
WordPress Plugin Structured Content (JSON-LD) #wpsc Cross-Site Scripting (1.5)
PostgreSQL Resource Management Errors Vulnerability (CVE-2012-2655)
Jenkins Improper Handling of Inconsistent Structural Elements Vulnerability (CVE-2021-21640)
OpenSSL Resource Management Errors Vulnerability (CVE-2011-3210)