/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2012-3414

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2012-3414

CGA ID

CGA-h3f8-4x4g-h37j

Severity

Unknown

Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs