Description
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coming soon and Maintenance mode Cross-Site Scripting (3.5.2)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)
Joomla! Core Multiple Vulnerabilities (1.5.0 - 3.7.2)
Oracle JRE CVE-2020-14782 Vulnerability (CVE-2020-14782)
WordPress Plugin Newsletter by Supsystic Cross-Site Scripting (1.1.7)