CVE-2025-62430

Name of the Vulnerable Software and Affected Versions ClipBucket versions through 5.5.2 build #145

Description ClipBucket is an open source video sharing platform. Versions through build 5.5.2 #145 contain a stored cross-site scripting (XSS) issue in video and photo metadata fields. Specifically, the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos for videos, and the Photo Title and Photo Tags fields for photos, accept user-supplied values without proper sanitization. A regular user with editing privileges can inject script that executes when any user views the affected video or photo page. The injected script can issue fetch requests to endpoints such as admin area pages and potentially exfiltrate their contents or trigger unintended actions.

Recommendations Update to ClipBucket version 5.5.2 build #146 or later.