Description
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contest Gallery-Photo Contest for WordPress Security Bypass (13.1.0.6)
WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)
WordPress Plugin AddSearch Cross-Site Scripting (1.1.0)
Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2020-14172)
WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.1.2)