cbcvebase.
CVE-2014-1869
published 2014-02-08

CVE-2014-1869: Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow…

PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.79%
84.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).

Affected

23 ranges
VendorProductVersion rangeFixed in
debiandb4o
jenkinscertain_pages_in_monitoring_plugin
jenkinsjenkins_core
jenkinsmonitoring_plugin
jenkinsuser_of_monitoring_plugin
redhatopenshift<= 3.1
zeroclipboard_projectzeroclipboard<= 1.3.1
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard
zeroclipboard_projectzeroclipboard

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.