ClipBucket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-1000307 - Vulnerability Database

Medium
Reference: CVE-2016-1000307
Title: ClipBucket Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket v2.8.1 and probably prior allow remote attackers to inject arbitrary web script or HTML via (1) the profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, or fav_books parameters to the ProfileSettings page, (2) the note parameter to the PersonalNotes section, or (3) the closed_msg, description, or allowed_types parameters to the WebsiteConfigurations section. NOTE: the collection_description vector is already covered by CVE-2015-4673.