You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
Mend Note: Converted from WS-2017-0139, on 2022-11-08.
Vulnerable Library - ZeroClipboard-1.1.7.min.js
The ZeroClipboard library provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie and a JavaScript interface.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/zeroclipboard/1.1.7/ZeroClipboard.min.js
Path to vulnerable library: /vendor/forkawesome/fork-awesome/src/doc/assets/js/ZeroClipboard-1.1.7.min.js
Found in HEAD commit: ad06856b39153f425da332dea44087d7b4bf93ce
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2012-6550
Vulnerable Library - ZeroClipboard-1.1.7.min.js
The ZeroClipboard library provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie and a JavaScript interface.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/zeroclipboard/1.1.7/ZeroClipboard.min.js
Path to vulnerable library: /vendor/forkawesome/fork-awesome/src/doc/assets/js/ZeroClipboard-1.1.7.min.js
Dependency Hierarchy:
Found in HEAD commit: ad06856b39153f425da332dea44087d7b4bf93ce
Found in base branch: raconteur
Vulnerability Details
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.
Mend Note: Converted from WS-2017-0139, on 2022-11-08.
Publish Date: 2013-04-02
URL: CVE-2012-6550
CVSS 3 Score Details (3.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6550
Release Date: 2013-03-28
Fix Resolution: zeroclipboard - 1.2.2
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: