CVE-2014-1869
Published 2014-02-08
CVE-2014-1869: Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow…
Priority P419 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.79% (84.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | db4o | — | — |
| jenkins | certain_pages_in_monitoring_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | monitoring_plugin | — | — |
| jenkins | user_of_monitoring_plugin | — | — |
| redhat | openshift | <= 3.1 | — |
| zeroclipboard_project | zeroclipboard | <= 1.3.1 | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
| zeroclipboard_project | zeroclipboard | — | — |
CVSS provenance
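| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |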
Jenkins
Jenkins Security Advisory 2014-10-01
vendor_jenkins·2014-10-01·CVSS 5.0
CVE-2013-2186 [MEDIUM] Jenkins Security Advisory 2014-10-01
This advisory announces:
- multiple security vulnerabilities that were found in Jenkins core.
- two security vulnerabilities found in the monitoring plugin
Description
SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
This vulnerability allows unauthenticated users with access to Jenkins' HTTP/HTTPS port to mount a DoS attack on Jenkins through thread exhaustion.
SECURITY-110/CVE-2014-3662 (User name discovery)
Anonymous users can test if the user of a specific name exists or not through login attempts.
SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration permission)
A user with a permission limited to Job/CONF
Red Hat
stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
vendor_redhat·2014-01-31·CVSS 4.3
CVE-2014-1869 [MEDIUM] CWE-79 stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
Statement: This issue affects the versions of Jenkins as shipped with Red Hat OpenShift Enterprise 1 and 2. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: jenkins (OpenShift Enterprise 1) - Will not fix
Package:
Debian
CVE-2014-1869: db4o - Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in Zero...
vendor_debian·2014·CVSS 4.3
CVE-2014-1869 [MEDIUM] CVE-2014-1869: db4o - Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in Zero...
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
Scope: local
bookworm: open
bullseye: open
GHSA
GHSA-5ghv-fx7f-qq8j: Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard
ghsa_unreviewed·2022-05-17
CVE-2014-1869 [MEDIUM] CWE-79 GHSA-5ghv-fx7f-qq8j: Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
OSV
CVE-2014-1869: Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard
osv·2014-02-08·CVSS 4.3
CVE-2014-1869 [MEDIUM] CVE-2014-1869: Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
No detection rules found.
No public exploits indexed.
References
http://secunia.com/advisories/56821
http://www.securityfocus.com/bid/65484
https://access.redhat.com/errata/RHSA-2016:0070
https://exchange.xforce.ibmcloud.com/vulnerabilities/91085
https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca
https://github.com/zeroclipboard/zeroclipboard/pull/335
https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
Published: 2014-02-08