Stored Cross-Site Scripting in ClipBucket Video Sharing Platform
CVE-2025-62430

5.4 MEDIUM

Key Information:

Vendor: Macwarrior
CVE Published: 17 October 2025

What is CVE-2025-62430?

ClipBucket v5 is an open-source video sharing platform that allows users to upload videos and photos. Builds up to 5.5.2 #145 are vulnerable to stored cross-site scripting (XSS) in multiple metadata fields associated with videos and photos. Specifically, fields such as Tags, Genre, Actors, Producer, Executive Producer, and Director for videos, as well as Photo Title and Photo Tags for photos, do not adequately sanitize user input. As a result, a malicious user with editing privileges can inject scripts. When any user, including site visitors or administrators, views the page of the affected video or photo, the injected script can execute in that user's browser, potentially exfiltrating sensitive information or triggering unauthorized actions. There are no known workarounds for this vulnerability; users are advised to update to build 5.5.2 #146 or later.
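An added example, not ClipBucket code or part of the advisory: a Python check that flags values stored in the metadata fields listed above when they look like markup, and shows output encoding of such a value at render time. The field keys, function names and sample rows are assumptions constructed for illustration.

```python
import html
import re

# Metadata fields named in the advisory; the dictionary keys used for them
# here are assumed names, not ClipBucket's real column names.
VIDEO_FIELDS = ("tags", "genre", "actors", "producer", "executive_producer", "director")
PHOTO_FIELDS = ("photo_title", "photo_tags")

# Heuristics for values that carry markup rather than plain text.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z!]"          # start of an HTML tag or comment
    r"|\bon[a-z]+\s*="          # inline event-handler attribute
    r"|javascript\s*:",         # javascript: URL scheme
    re.IGNORECASE,
)

def normalise(value):
    """Undo up to three layers of entity encoding so encoded markup is still seen."""
    for _ in range(3):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value

def audit(rows, fields):
    """Return (row id, field, value) for each field value that looks like markup."""
    findings = []
    for row in rows:
        for field in fields:
            value = row.get(field) or ""
            if SUSPICIOUS.search(normalise(value)):
                findings.append((row["id"], field, value))
    return findings

def render(value):
    """Output-encode a stored value for use in HTML text or a quoted attribute."""
    return html.escape(value, quote=True)

# Constructed sample rows, not data from a real installation.
SAMPLE_VIDEOS = [
    {"id": 1, "tags": "cats, funny", "genre": "Comedy", "director": "A. Smith"},
    {"id": 2, "tags": "<script>alert(1)</script>", "genre": "Drama"},
    {"id": 3, "tags": "travel", "actors": "&lt;img src=x onerror=alert(1)&gt;"},
    {"id": 4, "tags": "R&B, soul", "producer": "Tom & Jerry <3"},
]

if __name__ == "__main__":
    print(audit(SAMPLE_VIDEOS, VIDEO_FIELDS))
```

Rows 2 and 3 are flagged for review, while ordinary text containing `&` or a bare `<` (row 4) is not.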

Affected Version(s)

clipbucket-v5 < 5.5.2 - #146

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
