Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.
https://exchange.xforce.ibmcloud.com/vulnerabilities/75210
http://www.securityfocus.com/bid/53192
http://www.openwall.com/lists/oss-security/2013/07/18/13
http://www.debian.org/security/2012/dsa-2470
http://wordpress.org/news/2012/04/wordpress-3-3-2/
http://secunia.com/advisories/49138
http://seclists.org/fulldisclosure/2013/Mar/110
http://packetstormsecurity.com/files/122399/tinymce11-xss.txt
http://packetstormsecurity.com/files/120746/SWFUpload-Content-Spoofing-Cross-Site-Scripting.html
http://make.wordpress.org/core/2013/06/21/secure-swfupload/
http://jvndb.jvn.jp/jvndb/JVNDB-2012-002110
http://jvn.jp/en/jp/JVN25280162/index.html
http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503