TROYANOSYVIRUS
Voltar para CVEs

CVE-2012-2401

N/A

Descricao

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado4/21/2012
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

moxiecode:pluploadwordpress:wordpress

Fraquezas (CWE)

CWE-264

Referencias

http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487(cve@mitre.org)
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487(cve@mitre.org)
http://osvdb.org/81461(cve@mitre.org)
http://secunia.com/advisories/49138(cve@mitre.org)
http://wordpress.org/news/2012/04/wordpress-3-3-2/(cve@mitre.org)
http://www.debian.org/security/2012/dsa-2470(cve@mitre.org)
http://www.plupload.com/punbb/viewtopic.php?id=1685(cve@mitre.org)
http://www.securityfocus.com/bid/53192(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75208(cve@mitre.org)
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/(cve@mitre.org)
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487(af854a3a-2127-422b-91ae-364da2661108)
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/81461(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/49138(af854a3a-2127-422b-91ae-364da2661108)
http://wordpress.org/news/2012/04/wordpress-3-3-2/(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2470(af854a3a-2127-422b-91ae-364da2661108)
http://www.plupload.com/punbb/viewtopic.php?id=1685(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/53192(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75208(af854a3a-2127-422b-91ae-364da2661108)
https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.