216.73.216.170

CVE-2025-64336

· Published 07/11/2025 05:16 · Modified 05/12/2025 20:57

Labels: CVE-2025-64336 2025-11-07CVE-2025-64336CWE-79[email protected]

Essential information

Published
07/11/2025 05:16
Modified
05/12/2025 20:57
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
oxygenz / clipbucket cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*

References