NotCVE - vendor:"Moxiecode" product:"Plupload"

2 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 89EXPL: 1

CVE-2013-0237 – WordPress Core < 3.5.1 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-0237

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados en Plupload.as en Moxiecode Plupload anteriores a v1.5.5, como el usado en WordPress anteriores a v3.5.1 y otros productos, permiten a atacantes remotos inyectar comandos web o HTML a través del parámetro id. • http://codex.wordpress.org/Version_3.5.1 http://wordpress.org/news/2013/01/wordpress-3-5-1 https://bugzilla.redhat.com/show_bug.cgi?id=904122 https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 89EXPL: 0

CVE-2012-2401 – WordPress Core <= 3.3.1 - Same Origin Policy Bypass

https://notcve.org/view.php?id=CVE-2012-2401

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. Plupload antes de v1.5.4, tal y como se utiliza en wp-includes/js/plupload/ en WordPress antes de v3.3.2 y otros productos, permite ejecutar secuencias de comandos, independientemente del dominio desde el que se cargó el contenido SWF, lo que permite a atacantes remotos evitar la política de mismo origen a través de contenido malicioso. • http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487 http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487 http://osvdb.org/81461 http://secunia.com/advisories/49138 http://wordpress.org/news/2012/04/wordpress-3-3-2 http://www.debian.org/security/2012/dsa-2470 http://www.plupload.com/punbb/viewtopic.php?id=1685 http://www.securityfocus.com/bid/53192 https://exchange.xforce.ibmcloud.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •