CVE-2014-1869

Published: Feb 8, 2014Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).

Affected (18)

Products: Redhat: Openshift · Zeroclipboard Project: Zeroclipboard

1 product

Zeroclipboard Project

1 product

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	Up to 3.1
Zeroclipboard Project Zeroclipboard	Up to 1.3.1
Zeroclipboard Project Zeroclipboard	Version 1.0.5
Zeroclipboard Project Zeroclipboard	Version 1.0.7
Zeroclipboard Project Zeroclipboard	Version 1.0.8
Zeroclipboard Project Zeroclipboard	Version 1.1.0
Zeroclipboard Project Zeroclipboard	Version 1.1.1
Zeroclipboard Project Zeroclipboard	Version 1.1.2
Zeroclipboard Project Zeroclipboard	Version 1.1.3
Zeroclipboard Project Zeroclipboard	Version 1.1.4
Zeroclipboard Project Zeroclipboard	Version 1.1.5
Zeroclipboard Project Zeroclipboard	Version 1.1.6
Zeroclipboard Project Zeroclipboard	Version 1.1.7
Zeroclipboard Project Zeroclipboard	Version 1.2.0
Zeroclipboard Project Zeroclipboard	Version 1.2.1
Zeroclipboard Project Zeroclipboard	Version 1.2.2
Zeroclipboard Project Zeroclipboard	Version 1.2.3
Zeroclipboard Project Zeroclipboard	Version 1.3.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://secunia.com/advisories/56821

Source: cve@mitre.org

http://www.securityfocus.com/bid/65484

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2016:0070

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/91085

Source: cve@mitre.org

https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca

Source: cve@mitre.org

https://github.com/zeroclipboard/zeroclipboard/pull/335

Source: cve@mitre.org

https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2

Source: cve@mitre.org

PatchVendor Advisory

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Source: cve@mitre.org

http://secunia.com/advisories/56821

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65484

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2016:0070

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/91085

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/zeroclipboard/zeroclipboard/pull/335

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.