Description
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
Remediation
References
http://seclists.org/fulldisclosure/2013/Feb/103
https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114
https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913
Related Vulnerabilities
CVE-2023-33940 Vulnerability in maven package com.liferay:com.liferay.client.extension.type.impl
CVE-2016-10735 Vulnerability in maven package ru.taskurotta:bootstrap
CVE-2016-10735 Vulnerability in maven package org.ow2.jonas:bootstrap
CVE-2023-25572 Vulnerability in npm package ra-ui-materialui
CVE-2023-50100 Vulnerability in maven package com.jfinal:jfinal