Vendor
Clip Bucket
Products
1
CVEs
8
Across products
8
Status
Private
Products
1- 8 CVEs
Recent CVEs
8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1000307 | Med | 0.40 | 6.1 | 0.00 | Apr 6, 2017 | Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673. | |
| CVE-2015-4673 | Med | 0.35 | 5.4 | 0.00 | Apr 6, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. | |
| CVE-2012-6644 | 0.04 | — | 0.12 | Apr 8, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php. | ||
| CVE-2012-6643 | 0.04 | — | 0.12 | Apr 8, 2014 | Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. | ||
| CVE-2015-2102 | 0.03 | — | 0.03 | Feb 27, 2015 | SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | ||
| CVE-2014-4187 | 0.00 | — | 0.00 | Jun 17, 2014 | Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field. | ||
| CVE-2012-6642 | 0.00 | — | 0.00 | Apr 8, 2014 | Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2011-3717 | 0.00 | — | 0.00 | Sep 23, 2011 | ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files. |