CVE-2013-1808
Zendesk Chat < 1.2.6 - Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
Una vulnerabilidad de tipo Cross-site scripting (XSS) en los archivos ZeroClipboard.swf y ZeroClipboard10.swf en ZeroClipboard anterior a versión 1.0.8, tal como es usado en em-shorty, RepRapCalculator, Fulcrum, Django, aCMS y otros productos, permite a atacantes remotos inyectar script web HTML arbitrario por medio del parámetro id. NOTA: esta es la misma vulnerabilidad que CVE-2013-1463. Si es así, es probable que CVE-2013-1463 será RECHAZADO.
ZeroClipboard.swf as included with multiple themes in WordPress suffers from cross site scripting and path disclosure vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-02-18 CVE Published
- 2013-02-19 CVE Reserved
- 2023-03-27 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2013/Apr/87 | Mailing List |
|
| http://seclists.org/fulldisclosure/2013/Apr/88 | Mailing List |
|
| http://seclists.org/fulldisclosure/2013/Feb/103 | Mailing List |
|
| http://seclists.org/fulldisclosure/2013/Feb/109 | Mailing List |
|
| http://seclists.org/fulldisclosure/2013/Mar/5 | Mailing List |
|
| http://securityvulns.ru/docs29103.html | X_refsource_misc | |
| http://securityvulns.ru/docs29105.html | X_refsource_misc | |
| http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2013/03/03/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/03/25/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2013/03/26/8 | Mailing List |
|
| https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108 | X_refsource_confirm | |
| https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://securityvulns.ru/docs29104.html | 2024-08-06 | |
| http://www.openwall.com/lists/oss-security/2013/03/10/2 | 2024-08-06 | |
| http://www.securityfocus.com/bid/58257 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zeroclipboard Project Search vendor "Zeroclipboard Project" | Zeroclipboard Search vendor "Zeroclipboard Project" for product "Zeroclipboard" | <= 1.0.7 Search vendor "Zeroclipboard Project" for product "Zeroclipboard" and version " <= 1.0.7" | - |
Affected
| ||||||
| Zeroclipboard Project Search vendor "Zeroclipboard Project" | Zeroclipboard Search vendor "Zeroclipboard Project" for product "Zeroclipboard" | 1.0.5 Search vendor "Zeroclipboard Project" for product "Zeroclipboard" and version "1.0.5" | - |
Affected
| ||||||