10
CVE-2012-2399
- EPSS 8.68%
- Veröffentlicht 21.04.2012 23:55:01
- Zuletzt bearbeitet 16.06.2026 23:41:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 3.5.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
Mögliche Gegenmaßnahme
WordPress: Update to version 3.5.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-3.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.68% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/49138
http://www.debian.org/security/2012/dsa-2470
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503
http://jvn.jp/en/jp/JVN25280162/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-002110
http://make.wordpress.org/core/2013/06/21/secure-swfupload/
http://osvdb.org/81459
http://packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/122399/tinymce11-xss.txt
http://seclists.org/fulldisclosure/2013/Mar/110
http://wordpress.org/news/2012/04/wordpress-3-3-2/
http://www.openwall.com/lists/oss-security/2013/07/18/13
http://www.osvdb.org/91134
http://www.securityfocus.com/bid/53192
https://exchange.xforce.ibmcloud.com/vulnerabilities/75210
https://www.wordfence.com/threat-intel/vulnerabilities/id/e1e973e3-f2a2-465c-aec7-5a7d4290c00b