CVE-2025-62715

Medium CVSS: 5.3

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later rendered unescaped in collection detail and tag-list pages. As a result, arbitrary JavaScript executes in the browsers of all users who view the affected pages. This issue is fixed in version 5.5.2-#152.

Vendor

Oxygenz

Product

Clipbucket

CWE

CWE-79

Yayın Tarihi

2025-11-04 22:16:38

Güncelleme

2025-11-10 19:58:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Clipbucket MEDIUM Oxygenz 2025

Referanslar

https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-h5f4-wj75-39x3

Benzer Kayıtlar

High

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability ex…

Medium

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulne…

Low

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can stor…

Medium

CVE-2026-26005

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows…

Critical

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) ra…

Critical

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind…