CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1869 – stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
https://notcve.org/view.php?id=CVE-2014-1869
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). Múltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con ciertos parámetros de consulta SWF (también conocido como loaderInfo.parameters). • http://secunia.com/advisories/56821 http://www.securityfocus.com/bid/65484 https://access.redhat.com/errata/RHSA-2016:0070 https://exchange.xforce.ibmcloud.com/vulnerabilities/91085 https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca https://github.com/zeroclipboard/zeroclipboard/pull/335 https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2012-6550 – ZeroClipboard 1.9.x - 'id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6550
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808. Una vulnerabilidad de tipo Cross-site scripting (XSS) en ZeroClipboard anterior a versión 1.1.4, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de "the clipText returned from the flash object," una vulnerabilidad diferente de CVE-2013-1808. • https://www.exploit-db.com/exploits/38329 http://seclists.org/fulldisclosure/2013/Feb/103 https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114 https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2013-1808 – Zendesk Chat < 1.2.6 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-1808
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed. Una vulnerabilidad de tipo Cross-site scripting (XSS) en los archivos ZeroClipboard.swf y ZeroClipboard10.swf en ZeroClipboard anterior a versión 1.0.8, tal como es usado en em-shorty, RepRapCalculator, Fulcrum, Django, aCMS y otros productos, permite a atacantes remotos inyectar script web HTML arbitrario por medio del parámetro id. NOTA: esta es la misma vulnerabilidad que CVE-2013-1463. • http://seclists.org/fulldisclosure/2013/Apr/87 http://seclists.org/fulldisclosure/2013/Apr/88 http://seclists.org/fulldisclosure/2013/Feb/103 http://seclists.org/fulldisclosure/2013/Feb/109 http://seclists.org/fulldisclosure/2013/Mar/5 http://securityvulns.ru/docs29103.html http://securityvulns.ru/docs29104.html http://securityvulns.ru/docs29105.html http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb http://www.openwall.com/lists/oss-security/2013/03&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •