Description
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2007-3555)
Jetty Integer Overflow or Wraparound Vulnerability (CVE-2023-36478)
WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.1.6)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067)
WordPress Plugin WooCommerce Cross-Seller Unspecified Vulnerability (1.0.2)