Lucene search

[email protected]NVD:CVE-2012-2399

HistoryApr 21, 2012 - 11:55 p.m.

CVE-2012-2399

2012-04-2123:55:01

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

5.4 Medium

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

Affected configurations

NVD

Node

wordpresswordpressRange≤3.3.1

wordpresswordpressMatch0.71

wordpresswordpressMatch1.0

wordpresswordpressMatch1.0.1

wordpresswordpressMatch1.0.2

wordpresswordpressMatch1.1.1

wordpresswordpressMatch1.2

wordpresswordpressMatch1.2.1

wordpresswordpressMatch1.2.2

wordpresswordpressMatch1.2.3

wordpresswordpressMatch1.2.4

wordpresswordpressMatch1.2.5

wordpresswordpressMatch1.2.5a

wordpresswordpressMatch1.3

wordpresswordpressMatch1.3.2

wordpresswordpressMatch1.3.3

wordpresswordpressMatch1.5

wordpresswordpressMatch1.5.1

wordpresswordpressMatch1.5.1.1

wordpresswordpressMatch1.5.1.2

wordpresswordpressMatch1.5.1.3

wordpresswordpressMatch1.5.2

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.8

wordpresswordpressMatch2.0.9

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.11

wordpresswordpressMatch2.1

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.3

wordpresswordpressMatch2.3.1

wordpresswordpressMatch2.3.2

wordpresswordpressMatch2.3.3

wordpresswordpressMatch2.5

wordpresswordpressMatch2.5.1

wordpresswordpressMatch2.6

wordpresswordpressMatch2.6.1

wordpresswordpressMatch2.6.2

wordpresswordpressMatch2.6.3

wordpresswordpressMatch2.6.5

wordpresswordpressMatch2.7

wordpresswordpressMatch2.7.1

wordpresswordpressMatch2.8

wordpresswordpressMatch2.8.1

wordpresswordpressMatch2.8.2

wordpresswordpressMatch2.8.3

wordpresswordpressMatch2.8.4

wordpresswordpressMatch2.8.4a

wordpresswordpressMatch2.8.5

wordpresswordpressMatch2.8.5.1

wordpresswordpressMatch2.8.5.2

wordpresswordpressMatch2.8.6

wordpresswordpressMatch2.9

wordpresswordpressMatch2.9.1

wordpresswordpressMatch2.9.1.1

wordpresswordpressMatch2.9.2

wordpresswordpressMatch3.0

wordpresswordpressMatch3.0.1

wordpresswordpressMatch3.0.2

wordpresswordpressMatch3.0.3

wordpresswordpressMatch3.0.4

wordpresswordpressMatch3.0.5

wordpresswordpressMatch3.0.6

wordpresswordpressMatch3.1

wordpresswordpressMatch3.1.1

wordpresswordpressMatch3.1.2

wordpresswordpressMatch3.1.3

wordpresswordpressMatch3.3

References

core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503

jvn.jp/en/jp/JVN25280162/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-002110

make.wordpress.org/core/2013/06/21/secure-swfupload/

osvdb.org/81459

packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html

packetstormsecurity.com/files/122399/tinymce11-xss.txt

seclists.org/fulldisclosure/2013/Mar/110

secunia.com/advisories/49138

wordpress.org/news/2012/04/wordpress-3-3-2/

www.debian.org/security/2012/dsa-2470

www.openwall.com/lists/oss-security/2013/07/18/13

www.osvdb.org/91134

www.securityfocus.com/bid/53192

exchange.xforce.ibmcloud.com/vulnerabilities/75210

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

5.4 Medium

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Related for NVD:CVE-2012-2399

prion4 cvelist2 cve4 debiancve2 packetstorm4 zdt2 ubuntucve2 jvn1 seebug1 typo31 patchstack2 securityvulns5 openvas13 threatpost2 nvd3 nessus7 freebsd1 fedora3 osv1 debian1