Stored XSS Vulnerability in ClipBucket Video Sharing Platform
CVE-2025-64336

7.2 HIGH

Key Information:

Vendor: Macwarrior
CVE Published: 7 November 2025

What is CVE-2025-64336?

ClipBucket, an open source video sharing platform, has a stored cross-site scripting (XSS) vulnerability in its Manage Photos feature, affecting versions 5.5.2-#146 and below. An authenticated regular user can upload a photo with a malicious title containing HTML/JavaScript code. The payload does not execute in the user-facing photo gallery or detail pages, but it is rendered unsafely within the Admin → Manage Photos section, which can lead to JavaScript execution in the administrator's browser and poses significant risks to site security. The issue has been addressed in version 5.5.2-#147.

Affected Version(s)

clipbucket-v5 < 5.5.2-#147

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
