CVE-2013-1808
Published 2013-04-02
CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator…
Priority: P422 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 6.32% (92.7th percentile)
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | db4o | — | — |
| jenkins | jenkins_core | — | — |
| wp-table_reloaded_project | wp-table_reloaded | < 1.9.4 | 1.9.4 |
| zeroclipboard_project | zeroclipboard | <= 1.0.7 | — |
| zeroclipboard_project | zeroclipboard | — | — |
CVSS provenance
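| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |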
Jenkins
Jenkins Security Advisory 2013-05-02
vendor_jenkins·2013-05-02·CVSS 4.3
CVE-2013-1808 [MEDIUM] Jenkins Security Advisory 2013-05-02
This advisory announces multiple security vulnerabilities that were found in Jenkins core.
Description
SECURITY-63 / CVE-2013-2034
This creates a cross-site request forgery (CSRF) vulnerability on the Jenkins controller, where an anonymous attacker can trick an administrator into executing arbitrary code on the Jenkins controller by having him open a specifically crafted attack URL.
There’s also a related vulnerability where the permission check on this ability is done imprecisely, which may affect those who are running Jenkins instances with a custom authorization strategy plugin.
SECURITY-67 / CVE-2013-2033
This creates a cross-site scripting (XSS) vulnera
Red Hat
stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer
vendor_redhat·2013-02-18·CVSS 4.3
CVE-2013-1808 [MEDIUM] CWE-79 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
Package: Django (Red Hat Subscription Asset Manager) - Not affected
Debian
CVE-2013-1808: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard1...
vendor_debian·2013·CVSS 4.3
CVE-2013-1808 [MEDIUM] CVE-2013-1808: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard1...
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
Scope: local
bookworm: open
bullseye: open
Debian
CVE-2012-6550: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows re...
vendor_debian·2012·CVSS 4.3
CVE-2012-6550 [MEDIUM] CVE-2012-6550: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows re...
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
Scope: local
bookworm: open
bullseye: open
GHSA
GHSA-rxmh-jwx2-vgrr: Cross-site scripting (XSS) vulnerability in ZeroClipboard
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2013-1808 [MEDIUM] CWE-79 GHSA-rxmh-jwx2-vgrr: Cross-site scripting (XSS) vulnerability in ZeroClipboard
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
GHSA
GHSA-hjgf-372j-38jj: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2012-6550 [MEDIUM] CWE-79 GHSA-hjgf-372j-38jj: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
GHSA
GHSA-3696-x4fh-6hw8: Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2013-1463 [MEDIUM] CWE-79 GHSA-3696-x4fh-6hw8: Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard
Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.
OSV
CVE-2012-6550: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1
osv·2013-04-02·CVSS 4.3
CVE-2012-6550 [MEDIUM] CVE-2012-6550: Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
OSV
CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard
osv·2013-04-02·CVSS 4.3
CVE-2013-1808 [MEDIUM] CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
No detection rules found.
No public exploits indexed.
http://seclists.org/fulldisclosure/2013/Apr/87
http://seclists.org/fulldisclosure/2013/Apr/88
http://seclists.org/fulldisclosure/2013/Feb/103
http://seclists.org/fulldisclosure/2013/Feb/109
http://seclists.org/fulldisclosure/2013/Mar/5
http://securityvulns.ru/docs29103.html
http://securityvulns.ru/docs29104.html
http://securityvulns.ru/docs29105.html
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
http://www.openwall.com/lists/oss-security/2013/03/03/3
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://www.openwall.com/lists/oss-security/2013/03/25/1
http://www.openwall.com/lists/oss-security/2013/03/26/8
http://www.securityfocus.com/bid/58257
https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108
https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696