CVE-2013-1808 β€” Cross-site Scripting in Project Zeroclipboard

CWE-79 β€” Cross-site Scripting8 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
1.9%
top 16.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zeroclipboard Project Zeroclipboard
Timeline
PublishedApr 2
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

3
GHSA
GHSA-rxmh-jwx2-vgrr: Cross-site scripting (XSS) vulnerability in ZeroClipboard↗2022-05-17
β–Ά
OSV
CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard↗2013-04-02
β–Ά
CVEList
CVE-2013-1808: Cross-site scripting (XSS) vulnerability in ZeroClipboard↗2013-03-28
β–Ά

πŸ“‹Vendor Advisories

3
Jenkins
Jenkins Security Advisory 2013-05-02β†—2013-05-02
β–Ά
Red Hat
stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer↗2013-02-18
β–Ά
Debian
CVE-2013-1808: db4o - Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard1...β†—2013
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer↗2013-03-05
β–Ά
CVE-2013-1808 β€” Cross-site Scripting | cvebase