NVD

Id
44212  
Name
CVE-2012-2401  
Description
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-04-21  
Modified Date
2014-05-05  
Seq
2012-2401  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
222076 44212 CVE-2012-2401 http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487  View
222077 44212 CVE-2012-2401 http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487  View
222078 44212 CVE-2012-2401 http://wordpress.org/news/2012/04/wordpress-3-3-2/  View
222079 44212 CVE-2012-2401 DSA-2470  View
222080 44212 CVE-2012-2401 http://www.plupload.com/punbb/viewtopic.php?id=1685  View
222081 44212 CVE-2012-2401 https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26405 JVNDB-2012-002112 WordPress および他の製品で使用される Plupload における同一生成元ポリシーを回避される脆弱性 WordPress の wp-includes/js/plupload/、および他の製品で使用される Plupload は、SWF コンテンツが読み込まれたドメインに関わらずスクリプトを有効にするため、同一生成元ポリシー (Same origin policy) を回避される脆弱性が存在します。 CVE-2012-2401 55639 CVE-2012-2401 44212 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002112.html 2012-04-21 2012-04-24 View