CVE-2015-4673

MEDIUM

Clip-bucket Clipbucket - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php.

References (3)

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 40.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

clip-bucket/clipbucket
n/a/n/a

Timeline

Published Apr 06, 2017
Tracked Since Feb 18, 2026