ClipBucket Stored Cross-Site Scripting Vulnerability in Manage Photos Feature

A stored cross-site scripting vulnerability has been identified in ClipBucket version 5.5.2-#146 and earlier, specifically within the Manage Photos feature. This vulnerability allows an authenticated regular user to upload a photo with a malicious title containing HTML or JavaScript. While the injected script does not execute in the user-facing photo gallery or detail pages, it is improperly rendered in the Admin Manage Photos section, leading to JavaScript execution in the administrator's browser. This vulnerability could potentially be exploited to escalate privileges by targeting administrative users.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of an administrator's browser.

Reproduction

To reproduce this vulnerability, log in as a regular authenticated user and navigate to the Upload Photo section. Upload a photo and set the Photo Title to include a script payload, such as an image tag with an onerror event. Complete the upload process, then log in as an administrator and go to the Admin Area Manage Photos section. The malicious photo title will be displayed without proper escaping, and the JavaScript will execute in the admin's browser.

Remediation

Users can update to ClipBucket version 5.5.2-#147 or later, where this vulnerability has been fixed.