CVE-2025-64338

Name of the Vulnerable Software and Affected Versions ClipBucket versions 5.5.2 through 5.5.2-#156

Description An authenticated regular user can create a photo collection with a collection name containing HTML/JavaScript payloads. This makes the Manage Photos feature susceptible to Stored Cross-Site Scripting (XSS). The payload is rendered unsafely within the Admin → Manage Photos interface, leading to execution in the administrator’s browser. This allows an attacker to target administrators and potentially perform actions with elevated privileges.

Recommendations Update to version 5.5.2-#157 or later.