ClipBucket v5’s Manage Photo Feature is Vulnerable to Stored XSS...

7.2 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:P

Description

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.

Basic Information

ID CVE-2025-64336

Source GitHub_M

Published Nov 7, 2025 at 04:32

Affected Product

Vendor MacWarrior

Product clipbucket-v5

Version < 5.5.2-#147

Affected Versions MacWarrior clipbucket-v5 < 5.5.2-#147

CWE Classification

CWE-79 CWE-269

References

{
    "lastseen": "",
    "description": "ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin \u2192 Manage Photos section, resulting in JavaScript execution in the administrator\u2019s browser. This issue is fixed in version 5.5.2-#147.",
    "published": "2025-11-07T04:32:10.401Z",
    "modified": "2025-11-07T04:32:10.401Z",
    "type": "cve",
    "title": "ClipBucket v5's Manage Photo Feature is Vulnerable to Stored XSS Attack via Photo Title",
    "source": "GitHub_M",
    "references": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-hjc2-5329-j49w\nhttps://github.com/MacWarrior/clipbucket-v5/commit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc\nhttps://github.com/MacWarrior/clipbucket-v5/releases/tag/5.5.2-%23147",
    "id": "CVE-2025-64336",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "MacWarrior clipbucket-v5 < 5.5.2-#147",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "clipbucket-v5",
    "version": "< 5.5.2-#147",
    "vendor": "MacWarrior",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ClipBucket v5’s Manage Photo Feature is Vulnerable to Stored XSS Attack via Photo Title_CVE-2025-64336