CVE-2015-4673

Name of the Vulnerable Software and Affected Versions ClipBucket version 2.7.0.5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The injection can occur via specific parameters in certain PHP files, including the collection description parameter to "upload/manage collections.php" in an add new action, and the photo description, photo tags, or photo title parameters to "upload/actions/photo uploader.php".

Recommendations For ClipBucket version 2.7.0.5, consider restricting access to the upload/manage collections.php and upload/actions/photo uploader.php files until a patch is available. As a temporary workaround, avoid using the collection description, photo description, photo tags, and photo title parameters in the affected API endpoints until the issue is resolved.