Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

Remediation

References

CVE-2012-2399

Related Vulnerabilities

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22841)

WordPress Plugin Simple Slider 'New Image' Field Cross-Site Scripting (1.0)

WordPress Plugin TheThe Layout Grid Cross-Site Scripting (1.0.0)

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (0.9.1)

WordPress Plugin MX Time Zone Clocks Cross-Site Scripting (3.4)

Severity

Critical

Classification

CVE-2012-2399

Tags

Missing Update Known Vulnerabilities