XSS in Macwarrior Clipbucket-v5

CVE-2025-64338

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Mana…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (16.5th percentile) — read the EPSS interpretation.

Affected products

Macwarrior Clipbucket-v5 — versions < 5.5.2 - #157

Weakness classification (CWE)

References

https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-93rh-fxxx-j38j (x_refsource_CONFIRM)
https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc (x_refsource_MISC)