FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-1808

This CVE name corresponds to:

Entered Topic
2013-05-03 jenkins -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-1808
Phase Assigned (20130219)

Description

Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.

References

Source Reference
FULLDISC 20130218 XSS vulnerabilities in ZeroClipboard
FULLDISC 20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery
FULLDISC 20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
FULLDISC 20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress
FULLDISC 20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress
MLIST [oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf
MLIST [oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808
MLIST [oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications
MLIST [oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808
MISC http://securityvulns.ru/docs29103.html
MISC http://securityvulns.ru/docs29104.html
MISC http://securityvulns.ru/docs29105.html
CONFIRM https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108
CONFIRM https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696
CONFIRM http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
BID 58257