CVE-2012-3414
EPSS 6.3%
Description
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.
How to fix CVE-2012-3414
To remediate CVE-2012-3414, upgrade the affected package to the fixed version listed below.
- Debian/wordpress: upgrade to 3.5.1+dfsg-1 or later
Is CVE-2012-3414 being exploited?
Moderate: EPSS is 6.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/wordpress: from 0, < 3.5.1+dfsg-1