CVE-2012-6644

Name of the Vulnerable Software and Affected Versions ClipBucket version 2.6

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different PHP files, including the cat parameter to files such as channels.php, collections.php, groups.php, or videos.php, the query parameter to search result.php, or the type parameter to view collection.php or view item.php. For example, attackers can exploit the cat parameter in channels.php or the query parameter in search result.php.

Recommendations For ClipBucket version 2.6, consider disabling the vulnerable parameters, such as cat, query, and type, in the respective PHP files until a patch is available. Restrict access to the affected PHP files, including channels.php, collections.php, groups.php, videos.php, search result.php, view collection.php, and view item.php, to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.