Vulnerabilites related to zeroclipboard_project - zeroclipboard
CVE-2014-1869 (GCVE-0-2014-1869)
Vulnerability from cvelistv5
Published
2014-02-08 00:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/pull/335"
},
{
"name": "zeroclipboard-cve20141869-xss(91085)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085"
},
{
"name": "56821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56821"
},
{
"name": "65484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65484"
},
{
"name": "RHSA-2016:0070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/pull/335"
},
{
"name": "zeroclipboard-cve20141869-xss(91085)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085"
},
{
"name": "56821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56821"
},
{
"name": "65484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65484"
},
{
"name": "RHSA-2016:0070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeroclipboard/zeroclipboard/pull/335",
"refsource": "CONFIRM",
"url": "https://github.com/zeroclipboard/zeroclipboard/pull/335"
},
{
"name": "zeroclipboard-cve20141869-xss(91085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085"
},
{
"name": "56821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56821"
},
{
"name": "65484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65484"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
},
{
"name": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2",
"refsource": "CONFIRM",
"url": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2"
},
{
"name": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca",
"refsource": "MISC",
"url": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1869",
"datePublished": "2014-02-08T00:00:00",
"dateReserved": "2014-02-06T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6550 (GCVE-0-2012-6550)
Vulnerability from cvelistv5
Published
2013-03-28 17:00
Modified
2024-08-06 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:00.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114"
},
{
"name": "20130218 XSS vulnerabilities in ZeroClipboard",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via \"the clipText returned from the flash object,\" a different vulnerability than CVE-2013-1808."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-03T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114"
},
{
"name": "20130218 XSS vulnerabilities in ZeroClipboard",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via \"the clipText returned from the flash object,\" a different vulnerability than CVE-2013-1808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114",
"refsource": "CONFIRM",
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114"
},
{
"name": "20130218 XSS vulnerabilities in ZeroClipboard",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"name": "https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913",
"refsource": "CONFIRM",
"url": "https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6550",
"datePublished": "2013-03-28T17:00:00",
"dateReserved": "2013-03-28T00:00:00",
"dateUpdated": "2024-08-06T21:36:00.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1808 (GCVE-0-2013-1808)
Vulnerability from cvelistv5
Published
2013-03-28 17:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
},
{
"name": "20130218 XSS vulnerabilities in ZeroClipboard",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"name": "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Feb/109"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/docs29105.html"
},
{
"name": "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
},
{
"name": "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/5"
},
{
"name": "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/87"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/docs29103.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityvulns.ru/docs29104.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
},
{
"name": "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
},
{
"name": "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/88"
},
{
"name": "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
},
{
"name": "58257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-10T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name": "[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
},
{
"name": "20130218 XSS vulnerabilities in ZeroClipboard",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"name": "20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Feb/109"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/docs29105.html"
},
{
"name": "[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
},
{
"name": "20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/5"
},
{
"name": "20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/87"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/docs29103.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityvulns.ru/docs29104.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
},
{
"name": "[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
},
{
"name": "20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Apr/88"
},
{
"name": "[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
},
{
"name": "58257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58257"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1808",
"datePublished": "2013-03-28T17:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-04-02 03:23
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://seclists.org/fulldisclosure/2013/Apr/87 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2013/Apr/88 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2013/Feb/103 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2013/Feb/109 | ||
| secalert@redhat.com | http://seclists.org/fulldisclosure/2013/Mar/5 | ||
| secalert@redhat.com | http://securityvulns.ru/docs29103.html | ||
| secalert@redhat.com | http://securityvulns.ru/docs29104.html | Exploit | |
| secalert@redhat.com | http://securityvulns.ru/docs29105.html | ||
| secalert@redhat.com | http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/03/03/3 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/03/10/2 | Exploit | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/03/25/1 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/03/26/8 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/58257 | Exploit | |
| secalert@redhat.com | https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108 | ||
| secalert@redhat.com | https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Apr/87 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Apr/88 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Feb/103 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Feb/109 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Mar/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityvulns.ru/docs29103.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityvulns.ru/docs29104.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityvulns.ru/docs29105.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/03/03/3 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/03/10/2 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/03/25/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/03/26/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/58257 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zeroclipboard_project | zeroclipboard | * | |
| zeroclipboard_project | zeroclipboard | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0284A7C-86A6-4613-92AA-252D73C6143C",
"versionEndIncluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A25DABC8-9172-45BA-929A-09787D8C83B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en los archivos ZeroClipboard.swf y ZeroClipboard10.swf en ZeroClipboard anterior a versi\u00f3n 1.0.8, tal como es usado en em-shorty, RepRapCalculator, Fulcrum, Django, aCMS y otros productos, permite a atacantes remotos inyectar script web HTML arbitrario por medio del par\u00e1metro id. NOTA: esta es la misma vulnerabilidad que CVE-2013-1463. Si es as\u00ed, es probable que CVE-2013-1463 ser\u00e1 RECHAZADO."
}
],
"id": "CVE-2013-1808",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-02T03:23:26.280",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Apr/87"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Apr/88"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Feb/109"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Mar/5"
},
{
"source": "secalert@redhat.com",
"url": "http://securityvulns.ru/docs29103.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://securityvulns.ru/docs29104.html"
},
{
"source": "secalert@redhat.com",
"url": "http://securityvulns.ru/docs29105.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/58257"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Apr/87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Apr/88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Feb/109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Mar/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityvulns.ru/docs29103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityvulns.ru/docs29104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityvulns.ru/docs29105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/03/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/58257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-02 03:22
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2013/Feb/103 | ||
| cve@mitre.org | https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114 | ||
| cve@mitre.org | https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2013/Feb/103 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zeroclipboard_project | zeroclipboard | * | |
| zeroclipboard_project | zeroclipboard | 1.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0284A7C-86A6-4613-92AA-252D73C6143C",
"versionEndIncluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A25DABC8-9172-45BA-929A-09787D8C83B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via \"the clipText returned from the flash object,\" a different vulnerability than CVE-2013-1808."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en ZeroClipboard anterior a versi\u00f3n 1.1.4, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de \"the clipText returned from the flash object,\" una vulnerabilidad diferente de CVE-2013-1808."
}
],
"id": "CVE-2012-6550",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-02T03:22:13.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Feb/103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-08 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/56821 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/65484 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:0070 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/91085 | ||
| cve@mitre.org | https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca | ||
| cve@mitre.org | https://github.com/zeroclipboard/zeroclipboard/pull/335 | ||
| cve@mitre.org | https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2 | Patch, Vendor Advisory | |
| cve@mitre.org | https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/56821 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65484 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:0070 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zeroclipboard/zeroclipboard/pull/335 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | openshift | * | |
| zeroclipboard_project | zeroclipboard | * | |
| zeroclipboard_project | zeroclipboard | 1.0.5 | |
| zeroclipboard_project | zeroclipboard | 1.0.7 | |
| zeroclipboard_project | zeroclipboard | 1.0.8 | |
| zeroclipboard_project | zeroclipboard | 1.1.0 | |
| zeroclipboard_project | zeroclipboard | 1.1.1 | |
| zeroclipboard_project | zeroclipboard | 1.1.2 | |
| zeroclipboard_project | zeroclipboard | 1.1.3 | |
| zeroclipboard_project | zeroclipboard | 1.1.4 | |
| zeroclipboard_project | zeroclipboard | 1.1.5 | |
| zeroclipboard_project | zeroclipboard | 1.1.6 | |
| zeroclipboard_project | zeroclipboard | 1.1.7 | |
| zeroclipboard_project | zeroclipboard | 1.2.0 | |
| zeroclipboard_project | zeroclipboard | 1.2.1 | |
| zeroclipboard_project | zeroclipboard | 1.2.2 | |
| zeroclipboard_project | zeroclipboard | 1.2.3 | |
| zeroclipboard_project | zeroclipboard | 1.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C95E20C-E8E5-4177-B6CC-C7AAB9874B3F",
"versionEndIncluding": "1.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A25DABC8-9172-45BA-929A-09787D8C83B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D277410-4FC8-4A41-AA03-264545655F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1186EF88-A330-4053-A373-8246126769D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB3F9E-9B3C-4A59-A7F5-9009502953E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08278232-6FB5-4C56-95E7-5EA381D838BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32D2DCB7-7D13-4E62-B0B4-133196CE887B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EA9387-77FF-4764-9E3E-80132C6F93F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA98F4C-7E6E-470F-B1AE-9FBA1FB3FE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7307B1-1C05-4644-8CEC-4256E08D3513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A05848DC-A88C-4287-90A3-2ADE07A94D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51F0A114-122D-4ECA-B70E-CF9D04E6B215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B5C2BE-AC6A-4793-881C-5EDD290B3762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE8972F-6679-4735-83FD-2F4A0770C9AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "771CCAFF-D346-4276-BA20-6D5F2311356A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7C02A2-2591-4DA0-8373-595379E77C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A68C7E5F-A832-41F4-B9D4-F9B09524ABD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores relacionados con ciertos par\u00e1metros de consulta SWF (tambi\u00e9n conocido como loaderInfo.parameters)."
}
],
"id": "CVE-2014-1869",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-02-08T00:55:06.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/56821"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/65484"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/zeroclipboard/zeroclipboard/pull/335"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2"
},
{
"source": "cve@mitre.org",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/zeroclipboard/zeroclipboard/pull/335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}