Stored Cross-Site Scripting in ClipBucket Video Sharing Platform
CVE-2025-64339

7.2HIGH

Key Information:

Vendor: Macwarrior
Status: Clipbucket-v5
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-64339?

ClipBucket, an open-source video sharing platform, suffers from a stored Cross-Site Scripting (XSS) vulnerability affecting versions v5.5.2-#146 and below. The flaw exists within the 'Manage Playlists' feature, where an authenticated low-privileged user can create playlists with malicious names that include HTML/JavaScript code. When these playlists are displayed on detail and listing pages, the code is executed without escaping, potentially allowing attackers to execute arbitrary JavaScript in the browsers of all viewers, including administrators. This issue has been addressed in version 5.5.2-#147, making it essential for users to update.

Affected Version(s)

clipbucket-v5 < 5.5.2-#147

References

https://github.com/MacWarrior/clipbucket-v5/security/advi...

x_refsource_CONFIRM

https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf7...

x_refsource_MISC

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Oct 30, 2025

JSON

Macwarrior

What is CVE-2025-64339?

Affected Version(s)

References

CVSS V4

Timeline