Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-6550 — Cross-site Scripting in Project Zeroclipboard

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

4.1%

top 11.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zeroclipboard Project Zeroclipboard

Timeline

PublishedApr 2

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDzeroclipboard_project/zeroclipboard1.0.7+1

🔴Vulnerability Details

GHSA

GHSA-hjgf-372j-38jj: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1↗2022-05-17

▶

OSV

CVE-2012-6550: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1↗2013-04-02

▶

CVEList

CVE-2012-6550: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1↗2013-03-28

▶

💥Exploits & PoCs

Exploit-DB

ZeroClipboard 1.9.x - 'id' Cross-Site Scripting↗2013-02-20

▶

📋Vendor Advisories

Debian

CVE-2012-6550: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows re...↗2012

▶