Описание
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.
Уязвимые конфигурации
Конфигурация 1Версия от 5.3 (включая) до 5.5.2-147 (исключая)
cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 13%
0.00042
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79