PT-2025-45408 · Unknown · Clipbucket

Published 2025-11-07 · Updated 2025-11-26 · CVE-2025-64339

CVSS v4.0: 8.6 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ClipBucket versions 5.5.2-#146 and below

Description

ClipBucket is a video sharing platform. Versions 5.5.2-#146 and below have a stored Cross-site Scripting (XSS) issue in the Manage Playlists feature. The vulnerable field is the Playlist Name field, which allows an authenticated, low-privileged user to inject malicious HTML/JavaScript code. This code is rendered without proper escaping on playlist detail and listing pages, leading to arbitrary JavaScript execution in the browsers of all viewers, including administrators.

Recommendations

Update to version 5.5.2-#147.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-64339
GHSA-C695-M4G4-V3FV

Affected Products

Clipbucket