Multiple Cross Site Scripting (XSS) Vulnerabilities in...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Apr 6, 2017
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 27, 2023
Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673.
References