CVE-2013-1463
published 2013-02-07CVE-2013-1463: Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers…
PriorityP425medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
6.35%
92.8th percentile
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | db4o | — | — |
| wp-table_reloaded_project | wp-table_reloaded | < 1.9.4 | 1.9.4 |
| zeroclipboard_project | zeroclipboard | <= 1.0.7 | — |
| zeroclipboard_project | zeroclipboard | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer
vendor_redhat·2013-02-18·CVSS 4.3
CVE-2013-1808 [MEDIUM] CWE-79 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer
stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
Package: Django (Red Hat Subscription Asset Manager) - Not affected
Debian
CVE-2013-1808: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard1...
vendor_debian·2013·CVSS 4.3
CVE-2013-1808 [MEDIUM] CVE-2013-1808: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard1...
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
Scope: local
bookworm: open
bullseye: open
GHSA
GHSA-rxmh-jwx2-vgrr: Cross-site scripting (XSS) vulnerability in ZeroClipboard
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2013-1808 [MEDIUM] CWE-79 GHSA-rxmh-jwx2-vgrr: Cross-site scripting (XSS) vulnerability in ZeroClipboard
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
GHSA
GHSA-3696-x4fh-6hw8: Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2013-1463 [MEDIUM] CWE-79 GHSA-3696-x4fh-6hw8: Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
OSV
CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard
osv·2013-04-02·CVSS 4.3
CVE-2013-1808 [MEDIUM] CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/89754http://packetstormsecurity.com/files/119968/WordPress-WP-Table-Reloaded-Cross-Site-Scripting.htmlhttp://secunia.com/advisories/52027http://tobias.baethge.com/2013/01/maintenance-release-wp-table-reloaded-1-9-4/http://www.securityfocus.com/bid/57664https://exchange.xforce.ibmcloud.com/vulnerabilities/81748http://osvdb.org/89754http://packetstormsecurity.com/files/119968/WordPress-WP-Table-Reloaded-Cross-Site-Scripting.htmlhttp://secunia.com/advisories/52027http://tobias.baethge.com/2013/01/maintenance-release-wp-table-reloaded-1-9-4/http://www.securityfocus.com/bid/57664https://exchange.xforce.ibmcloud.com/vulnerabilities/81748
2013-02-07
Published