CVE-2012-6644

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.

Reference

http://osvdb.org/78193
http://osvdb.org/78194
http://osvdb.org/78195
http://osvdb.org/78196
http://osvdb.org/78197
http://osvdb.org/78198
http://osvdb.org/78199
http://osvdb.org/78200
http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt
http://secunia.com/advisories/47474
http://www.exploit-db.com/exploits/18341
http://www.securityfocus.com/bid/51321
https://exchange.xforce.ibmcloud.com/vulnerabilities/72245

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:32

Objavljeno

08-04-2014 - 14:22