Home

Description

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Manage Photos feature vulnerable to Stored XSS. The payload is rendered unsafely in the Admin → Manage Photos interface, causing it to execute in the administrator’s browser, therefore allowing an attacker to target administrators and perform actions with elevated privileges. This issue is fixed in version 5.5.2 - #157.

PUBLISHED Reserved 2025-10-30 | Published 2025-12-15 | Updated 2025-12-16 | Assigner GitHub_M




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-269: Improper Privilege Management

Product status

< 5.5.2 - #157
affected

References

github.com/...ket-v5/security/advisories/GHSA-93rh-fxxx-j38j

github.com/...ommit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc

cve.org (CVE-2025-64338)

nvd.nist.gov (CVE-2025-64338)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.