Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard     before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows     remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the     same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
    (CVE-2013-1808)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by multiple vulnerabilities :

  - The included component 'ZeroClipboard' contains an     error in the file 'ZeroClipboard10.swf' that could     allow cross-site scripting attacks.
    (CVE-2013-1808)

  - An unspecified cross-site scripting error exists.
    (CVE-2013-2033)

  - Multiple errors exist that could lead to cross-site     request forgery attacks, thus allowing an attacker to     trick an administrator into executing arbitrary code.
    (CVE-2013-2034)

Jenkins Security Advisory reports :

This advisory announces multiple security vulnerabilities that were found in Jenkins core.

- SECURITY-63 / CVE-2013-2034

This creates a cross-site request forgery (CSRF) vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to execute arbitrary code on Jenkins master by having him open a specifically crafted attack URL.

There's also a related vulnerability where the permission check on this ability is done imprecisely, which may affect those who are running Jenkins instances with a custom authorization strategy plugin.

- SECURITY-67 / CVE-2013-2033

This creates a cross-site scripting (XSS) vulnerability, where an attacker with a valid user account on Jenkins can execute JavaScript in the browser of other users, if those users are using certain browsers.

- SECURITY-69 / CVE-2013-2034

This is another CSRF vulnerability that allows an attacker to cause a deployment of binaries to Maven repositories. This vulnerability has the same CVE ID as SEUCRITY-63.

- SECURITY-71 / CVE-2013-1808

This creates a cross-site scripting (XSS) vulnerability.

ID	Name	Product	Family	Severity
217944	Linux Distros Unpatched Vulnerability : CVE-2013-1808	Nessus	Misc.	low
66898	Jenkins < 1.514 / 1.509.1 and Jenkins Enterprise 1.466.x / 1.480.x < 1.466.14.1 / 1.480.4.1 Multiple Vulnerabilities	Nessus	CGI abuses	medium
66311	FreeBSD : jenkins -- multiple vulnerabilities (622e14b1-b40c-11e2-8441-00e0814cab4e)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2013-1808

low

Tenable Plugins

low

medium

medium