PT-2025-45407 · Unknown · Clipbucket

Published 2025-11-07 · Updated 2025-12-05 · CVE-2025-64336

CVSS v4.0: 8.6 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: ClipBucket versions 5.5.2-#146 and below

Description: ClipBucket is a video sharing platform. A stored Cross-site Scripting (XSS) issue exists in the Manage Photos feature. An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. This code is rendered unsafely in the Admin → Manage Photos section, leading to JavaScript execution in the administrator’s browser. The Photo Title is the vulnerable parameter.

Recommendations: Update to ClipBucket version 5.5.2-#147.

Exploit

Fix

Improper Privilege Management

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64336
GHSA-HJC2-5329-J49W

Affected Products

Clipbucket