<script>alert("XSS Found")

Hi, in Google Analytics I found that someone runs that site few times a week:

/videos.php?cat=4<script>alert("XSS Found");</script>&sort=most_recent&time=all_time&seo_cat_name=<script>alert("XSS Found");</script>

It shows window that says “XSS Found”. It only work on https:// and can be run in every website using clipbucket.

Assuming someone checking is my site vulnerable to xss attacks.

Is there a way to prevent that?

what version of ClipBucket are you using?

but I think there is no difference which version is that. I check, this html injection is possible on other websites also, including clipbucket demo website.

Is there a way to prevent that?