Description
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
Remediation
References
http://seclists.org/fulldisclosure/2013/Feb/103
https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-114
https://github.com/jonrohan/ZeroClipboard/commit/51b67b6d696f62aaf003210c08542588222c4913
Related Vulnerabilities
CVE-2013-4378 Vulnerability in maven package net.bull.javamelody:javamelody-core
CVE-2018-6341 Vulnerability in maven package org.webjars.npm:react-dom
CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2017-3155 Vulnerability in maven package org.apache.atlas:apache-atlas