ClipBucket · CVE-2015-4673
**Name of the Vulnerable Software and Affected Versions**
ClipBucket version 2.7.0.5
**Description**
ClipBucket 2.7.0.5 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web script or HTML. The injection points are the `collection_description` parameter to `upload/manage_collections.php` in an `add_new` action, and the `photo_description`, `photo_tags`, or `photo_title` parameters to `upload/actions/photo_uploader.php`.
**Recommendations**
For ClipBucket version 2.7.0.5, consider restricting access to the `upload/manage_collections.php` and `upload/actions/photo_uploader.php` files until a patch is available. As a temporary workaround, avoid using the `collection_description`, `photo_description`, `photo_tags`, and `photo_title` parameters in the affected endpoints until the issue is resolved.
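
Where the parameters cannot simply be left unused, one server-side stopgap is to HTML-encode them before the two affected scripts read them. The following is an added example, not ClipBucket code or a vendor patch: a PHP script meant to be loaded through the `auto_prepend_file` directive. The function names, the path-suffix matching, and the assumption that the parameters arrive in `$_GET` or `$_POST` are assumptions of this example.

```php
<?php
// Added example, not ClipBucket code: stopgap filter loaded via the php.ini
// directive auto_prepend_file so it runs before the affected scripts.

/** Script path suffix => parameters the advisory names for that script. */
function affected_params()
{
    return [
        '/manage_collections.php'     => ['collection_description'],
        '/actions/photo_uploader.php' => ['photo_description', 'photo_tags', 'photo_title'],
    ];
}

/** HTML-encode a scalar, or every leaf of a nested array value. */
function neutralize_markup($value)
{
    if (is_array($value)) {
        return array_map('neutralize_markup', $value);
    }
    // ENT_QUOTES encodes both quote styles; the final false avoids double-encoding.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

/** Return $params with the named parameters encoded when $script is affected. */
function filter_request($script, array $params)
{
    foreach (affected_params() as $suffix => $names) {
        if (substr($script, -strlen($suffix)) !== $suffix) {
            continue; // not one of the two scripts from the advisory
        }
        foreach ($names as $name) {
            if (isset($params[$name])) {
                $params[$name] = neutralize_markup($params[$name]);
            }
        }
    }
    return $params;
}

if (PHP_SAPI !== 'cli') {
    // Live request: rewrite the superglobals before the application reads them.
    $script   = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
    $_GET     = filter_request($script, $_GET);
    $_POST    = filter_request($script, $_POST);
    $_REQUEST = filter_request($script, $_REQUEST);
} else {
    // Constructed sample input for a command-line check.
    $sample = ['photo_title' => '<b>holiday</b>', 'collection_id' => '7'];
    var_dump(filter_request('/upload/actions/photo_uploader.php', $sample));
}
```

Encoding on input changes what gets stored, so this is a temporary measure to remove once a patched release encodes these fields on output.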