PT-2012-4012 · WordPress+2 · Wordpress+2

Szymon Gruszecki

Publicado

2012-04-21

Atualizado

2017-12-19

CVE-2012-2399

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SWFupload versions 2.2.0.1 and earlier WordPress versions prior to 3.5.2 TinyMCE Image Manager versions 1.1 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter. This enables attackers to execute malicious scripts on the client-side.

Recommendations For SWFupload versions 2.2.0.1 and earlier, avoid using the buttonText parameter in the affected API endpoint until the issue is resolved. For WordPress versions prior to 3.5.2, update to version 3.5.2 or later. For TinyMCE Image Manager versions 1.1 and earlier, update to a version later than 1.1.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2012-2399

DSA-2470-1

Produtos afetados

Swfupload

Tinymce Image Manager

Wordpress

PT-2012-4012 · WordPress+2 · Wordpress+2

CVE-2012-2399

Identificadores relacionados

Produtos afetados

Referências · 20