Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2013-1808

Disclosure Date: April 02, 2013 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

References

Canonical

CVE-2013-1808 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1808)

BID-58257 (http://www.securityfocus.com/bid/58257)

Advisory

https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696

http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

[oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808 (http://www.openwall.com/lists/oss-security/2013/03/26/8)

20130218 XSS vulnerabilities in ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103)

20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery (http://seclists.org/fulldisclosure/2013/Feb/109)

[oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf (http://www.openwall.com/lists/oss-security/2013/03/03/3)

20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS (http://seclists.org/fulldisclosure/2013/Mar/5)

20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress (http://seclists.org/fulldisclosure/2013/Apr/87)

https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108

[oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808 (http://www.openwall.com/lists/oss-security/2013/03/10/2)

20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress (http://seclists.org/fulldisclosure/2013/Apr/88)

[oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications (http://www.openwall.com/lists/oss-security/2013/03/25/1)

Miscellaneous

http://securityvulns.ru/docs29105.html

http://securityvulns.ru/docs29103.html

http://securityvulns.ru/docs29104.html

https://access.redhat.com/errata/RHEA-2013:1032

https://access.redhat.com/security/cve/CVE-2013-1808

https://bugzilla.redhat.com/show_bug.cgi?id=918054

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02

Rapid7

Technical Analysis