CVE-2012-2399

N/A Unknown

Published: April 21, 2012 Modified: April 29, 2026

Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503

Source: cve@mitre.org

http://jvn.jp/en/jp/JVN25280162/index.html

Source: cve@mitre.org

http://jvndb.jvn.jp/jvndb/JVNDB-2012-002110

Source: cve@mitre.org

http://make.wordpress.org/core/2013/06/21/secure-swfupload/

Source: cve@mitre.org

http://osvdb.org/81459

Source: cve@mitre.org

http://packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/122399/tinymce11-xss.txt

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2013/Mar/110

Source: cve@mitre.org

http://secunia.com/advisories/49138

Source: cve@mitre.org

http://wordpress.org/news/2012/04/wordpress-3-3-2/

Source: cve@mitre.org

Patch Vendor Advisory

http://www.debian.org/security/2012/dsa-2470

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2013/07/18/13

Source: cve@mitre.org

http://www.osvdb.org/91134

Source: cve@mitre.org

http://www.securityfocus.com/bid/53192

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/75210

Source: cve@mitre.org

http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvn.jp/en/jp/JVN25280162/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/jvndb/JVNDB-2012-002110

Source: af854a3a-2127-422b-91ae-364da2661108

http://make.wordpress.org/core/2013/06/21/secure-swfupload/

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/81459

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/122399/tinymce11-xss.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2013/Mar/110

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49138

Source: af854a3a-2127-422b-91ae-364da2661108

http://wordpress.org/news/2012/04/wordpress-3-3-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.debian.org/security/2012/dsa-2470

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/07/18/13

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/91134

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/53192

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/75210

Source: af854a3a-2127-422b-91ae-364da2661108

30 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

8.7%

94th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

wordpress