Stored Cross-Site Scripting in ClipBucket Video Sharing Platform
CVE-2025-62430

5.4MEDIUM

Key Information:

Vendor: Macwarrior
Status: Clipbucket-v5
Vendor: CVE Published:; 17 October 2025

What is CVE-2025-62430?

ClipBucket v5 is an open-source video sharing platform that allows users to upload videos and photos. A recent vulnerability in builds up to 5.5.2 #145 has been identified that permits stored cross-site scripting (XSS) in multiple metadata fields associated with videos and photos. Specifically, fields such as Tags, Genre, Actors, Producer, Executive Producer, and Director for videos, as well as Photo Title and Photo Tags for photos, do not adequately sanitize user input. As a result, a malicious user with editing privileges can inject scripts. When any user, including site visitors or administrators, views the page of the affected video or photo, the injected script can execute, potentially exfiltrating sensitive information or triggering unauthorized actions. Users are advised to update to build 5.5.2 #146 or later, as there are no known workarounds for this vulnerability.

Affected Version(s)

clipbucket-v5 < 5.5.2 - #146

References

https://github.com/MacWarrior/clipbucket-v5/security/advi...

x_refsource_CONFIRM

https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf7...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Oct 13, 2025

CVE-2025-62430 Data

JSON

Macwarrior

What is CVE-2025-62430?

Affected Version(s)

References

CVSS V3.1

Timeline