5 matches found
baijiacms Cross-Site Scripting Vulnerability
baijiacms is a content management system CMS for e-commerce. A cross-site scripting vulnerability exists in the 'id' parameter of the assets/weengine/components/zclip/ZeroClipboard.swf file in version 4 of baijiacms, which can be exploited by a remote attacker to obtain cookies and other sensitiv...
CVE-2018-16725
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."...
UBUNTU-CVE-2014-1869
Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...
DEBIAN-CVE-2013-1808
Cross-site scripting XSS vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is...
DEBIAN-CVE-2012-6550
Cross-site scripting XSS vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808...