Vulnerability Details : CVE-2014-1869
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2014-1869
- cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:*:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:zeroclipboard_project:zeroclipboard:1.1.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1869
- 0.29%: Probability of exploitation activity in the next 30 days
- ~65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1869
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-1869
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1869
- https://github.com/zeroclipboard/zeroclipboard/pull/335
  Using a replace function instead by jonrohan · Pull Request #335 · zeroclipboard/zeroclipboard · GitHub
- https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca
  Hardening sanitization technique in Flash · zeroclipboard/zeroclipboard@2f9eb97 · GitHub
- https://access.redhat.com/errata/RHSA-2016:0070
  RHSA-2016:0070 - Security Advisory - Red Hat Customer Portal
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
  Jenkins Security Advisory 2014-10-01 - Security Advisories - Jenkins Wiki
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91085
  ZeroClipboard ZeroClipboard.swf cross-site scripting CVE-2014-1869 Vulnerability Report
- https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2
  Release XSS Vulnerability Patch · zeroclipboard/zeroclipboard · GitHub (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/65484
  ZeroClipboard 'ZeroClipboard.swf' Multiple Cross Site Scripting Vulnerabilities