Oxygenz Clipbucket vulnerabilities
25 known vulnerabilities affecting oxygenz/clipbucket.
Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH8MEDIUM11
Vulnerabilities
Page 2 of 2
CVE-2025-64339P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1472025-11-07
CVE-2025-64339 [MEDIUM] CWE-79 CVE-2025-64339: ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped
nvd
CVE-2025-64336P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1472025-11-07
CVE-2025-64336 [MEDIUM] CWE-79 CVE-2025-64336: ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or de
nvd
CVE-2025-62430P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1462025-10-17
CVE-2025-62430 [MEDIUM] CWE-79 CVE-2025-62430: ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allow
ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos accept user supplied values without adequate sanitization.
nvd
CVE-2026-26997P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.3-592026-02-27
CVE-2026-26997 [MEDIUM] CWE-79 CVE-2026-26997: ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authent
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.
nvd
CVE-2025-62715P4MEDIUMCVSS 5.4≥ 5.3, < 5.5.2-1572025-11-04
CVE-2025-62715 [MEDIUM] CWE-79 CVE-2025-62715: ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stor
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later rendered unescaped in collection detail and tag-list pages. As a result, ar
nvd
← Previous2 / 2