cvelist/2012/2xxx/CVE-2012-2401.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2012-2401",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/",
            "refsource" : "MISC",
            "url" : "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"
         },
         {
            "name" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487",
            "refsource" : "CONFIRM",
            "url" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"
         },
         {
            "name" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487",
            "refsource" : "CONFIRM",
            "url" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"
         },
         {
            "name" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
            "refsource" : "CONFIRM",
            "url" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
         },
         {
            "name" : "http://www.plupload.com/punbb/viewtopic.php?id=1685",
            "refsource" : "CONFIRM",
            "url" : "http://www.plupload.com/punbb/viewtopic.php?id=1685"
         },
         {
            "name" : "DSA-2470",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2012/dsa-2470"
         },
         {
            "name" : "53192",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/53192"
         },
         {
            "name" : "81461",
            "refsource" : "OSVDB",
            "url" : "http://osvdb.org/81461"
         },
         {
            "name" : "49138",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/49138"
         },
         {
            "name" : "wordpress-plupload-sec-bypass(75208)",
            "refsource" : "XF",
            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2012-2401",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/",`
			`"refsource" : "MISC",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://www.plupload.com/punbb/viewtopic.php?id=1685",`
			`"refsource" : "CONFIRM",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.plupload.com/punbb/viewtopic.php?id=1685"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-2470",`
			`"refsource" : "DEBIAN",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.debian.org/security/2012/dsa-2470"`
			`},`
- Synchronized data. 2017-12-12 13:03:57 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "53192",`
			`"refsource" : "BID",`
- Synchronized data. 2017-12-12 13:03:57 -05:00			`"url" : "http://www.securityfocus.com/bid/53192"`
			`},`
- Synchronized data. 2017-12-18 15:03:51 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "81461",`
			`"refsource" : "OSVDB",`
- Synchronized data. 2017-12-18 15:03:51 -05:00			`"url" : "http://osvdb.org/81461"`
			`},`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "49138",`
			`"refsource" : "SECUNIA",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://secunia.com/advisories/49138"`
- Synchronized data. 2017-12-13 14:03:47 -05:00			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "wordpress-plupload-sec-bypass(75208)",`
			`"refsource" : "XF",`
- Synchronized data. 2017-12-13 14:03:47 -05:00			`"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75208"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`