CVE-2012-2399
Published: 21 April 2012
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(3.3.2+dfsg-1)
|
|
raring |
Not vulnerable
(3.3.2+dfsg-1)
|
|
saucy |
Not vulnerable
(3.3.2+dfsg-1)
|
|
trusty |
Does not exist
(trusty was not-affected [3.3.2+dfsg-1])
|
|
upstream |
Needed
|
|
utopic |
Not vulnerable
(3.3.2+dfsg-1)
|
|
vivid |
Not vulnerable
(3.3.2+dfsg-1)
|
|
wily |
Not vulnerable
(3.3.2+dfsg-1)
|
|
xenial |
Not vulnerable
(3.3.2+dfsg-1)
|
|
yakkety |
Not vulnerable
(3.3.2+dfsg-1)
|
|
zesty |
Not vulnerable
(3.3.2+dfsg-1)
|