Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2012-2399

Опубликовано: 21 апр. 2012
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 10

Описание

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

РелизСтатусПримечание
devel

not-affected

3.3.2+dfsg-1
esm-apps/xenial

not-affected

3.3.2+dfsg-1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [3.3.2+dfsg-1]]
hardy

ignored

end of life
lucid

ignored

end of life
natty

ignored

end of life
oneiric

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needed
quantal

not-affected

3.3.2+dfsg-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.06785
Низкий

10 Critical

CVSS2

Связанные уязвимости

nvd логотип

CVE-2012-2399

nvd
больше 13 лет назад

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

debian логотип

CVE-2012-2399

debian
больше 13 лет назад

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...

github логотип

GHSA-m6ch-qxrg-ggw6

github
около 3 лет назад

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.

EPSS

Процентиль: 91%
0.06785
Низкий

10 Critical

CVSS2