CVE-2012-6644 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php (2) collections.php (3) groups.php or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
Reference
http://osvdb.org/78193 http://osvdb.org/78194 http://osvdb.org/78195 http://osvdb.org/78196 http://osvdb.org/78197 http://osvdb.org/78198 http://osvdb.org/78199 http://osvdb.org/78200 http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt http://secunia.com/advisories/47474 http://www.exploit-db.com/exploits/18341 http://www.securityfocus.com/bid/51321 https://exchange.xforce.ibmcloud.com/vulnerabilities/72245
Share on: