Vulnerability Details CVE-2016-1000307
Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. NOTE: the collection_description vector is already covered by CVE-2015-4673.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2016-1000307
-
cpe:2.3:a:clip-bucket:clipbucket:-
-
cpe:2.3:a:clip-bucket:clipbucket:2.6
-
cpe:2.3:a:clip-bucket:clipbucket:2.7
-
cpe:2.3:a:clip-bucket:clipbucket:2.7.0.5
-
cpe:2.3:a:clip-bucket:clipbucket:2.8.1