CVEs-PoC/2012/CVE-2012-3414.md at d9c64e504a400a9c76c5acac87c0beb68d3a78a3

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

POC

Reference

http://make.wordpress.org/core/2013/06/21/secure-swfupload/
http://make.wordpress.org/core/2013/06/21/secure-swfupload/
http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/122399/TinyMCE-Image-Manager-1.1-Cross-Site-Scripting.html
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/

Github

https://github.com/WordPress/secure-swfupload
https://github.com/coupa/secure-swfupload
https://github.com/danifbento/SWFUpload

1.3 KiB Raw Blame History

CVE-2012-3414

Description

POC

Reference

Github

1.3 KiB

Raw Blame History