CVE-2012-3414

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2012-3414

CGA ID

CGA-h3f8-4x4g-h37j

Severity

Unknown

Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

References

https://images.chainguard.dev/security/CGA-h3f8-4x4g-h37j
https://github.com/advisories/GHSA-89mv-5c9h-c8f7
http://make.wordpress.org/core/2013/06/21/secure-swfupload/
http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html
http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
http://code.google.com/p/swfupload/issues/detail?id=376
http://www.openwall.com/lists/oss-security/2012/07/16/4
http://www.openwall.com/lists/oss-security/2012/07/17/12
http://www.securityfocus.com/bid/54245
https://security-tracker.debian.org/tracker/CVE-2012-3414

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2012-3414

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources