Description

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.

Remediation

References

CVE-2012-6644

Related Vulnerabilities

WordPress Plugin Custom Login Cross-Site Scripting (3.2)

Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8167)

WordPress Plugin ReDi Restaurant Reservation Cross-Site Scripting (21.0307)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11069)

WordPress Plugin G Auto-Hyperlink SQL Injection (1.0.1)

Severity

Medium

Classification

CVE-2012-6644 CWE-707

Tags

Missing Update Known Vulnerabilities