cbcvebase.

Oxygenz Clipbucket vulnerabilities

25 known vulnerabilities affecting oxygenz/clipbucket.

Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH8MEDIUM11

Vulnerabilities

Page 2 of 2
CVE-2025-64339P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1472025-11-07
CVE-2025-64339 [MEDIUM] CWE-79 CVE-2025-64339: ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped
nvd
CVE-2025-64336P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1472025-11-07
CVE-2025-64336 [MEDIUM] CWE-79 CVE-2025-64336: ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or de
nvd
CVE-2025-62430P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1462025-10-17
CVE-2025-62430 [MEDIUM] CWE-79 CVE-2025-62430: ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allow ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos accept user supplied values without adequate sanitization.
nvd
CVE-2026-26997P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.3-592026-02-27
CVE-2026-26997 [MEDIUM] CWE-79 CVE-2026-26997: ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authent ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.
nvd
CVE-2025-62715P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1572025-11-04
CVE-2025-62715 [MEDIUM] CWE-79 CVE-2025-62715: ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stor ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later rendered unescaped in collection detail and tag-list pages. As a result, ar
nvd
Oxygenz Clipbucket vulnerabilities | cvebase