Description

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Remediation

References

CVE-2012-2401

Related Vulnerabilities

WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9408)

WebLogic CVE-2021-2382 Vulnerability (CVE-2021-2382)

WordPress Plugin GeSHi Source Colorer Cross-Site Scripting (0.13)

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45881)

Severity

Medium

Classification

CVE-2012-2401 CWE-264

Tags

Missing Update Known Vulnerabilities