{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T15:51:12.493","vulnerabilities":[{"cve":{"id":"CVE-2025-64339","sourceIdentifier":"security-advisories@github.com","published":"2025-11-07T06:15:33.477","lastModified":"2026-06-17T09:54:14.273","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containing HTML/JavaScript code, which is rendered unescaped on playlist detail and listing pages. This results in arbitrary JavaScript execution in every viewer’s browser, including administrators. This issue is fixed in version 5.5.2-#147."},{"lang":"es","value":"ClipBucket v5 es una plataforma de código abierto para compartir videos. En las versiones 5.5.2-#146 e inferiores, la función 'Manage Playlists' (Gestionar Listas de Reproducción) es vulnerable a 'cross-site scripting' (XSS) almacenado, específicamente en el campo 'Playlist Name' (Nombre de la Lista de Reproducción). Un usuario autenticado con bajos privilegios puede crear una lista de reproducción con un nombre malicioso que contenga código HTML/JavaScript, el cual se renderiza sin escapar en las páginas de detalle y listado de las listas de reproducción. Esto resulta en la ejecución arbitraria de JavaScript en el navegador de cada espectador, incluyendo a los administradores. Este problema está solucionado en la versión 5.5.2-#147."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"MacWarrior","product":"clipbucket-v5","versions":[{"version":"< 5.5.2-#147","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-11-07T17:29:37.164466Z","id":"CVE-2025-64339","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.5.2-147","matchCriteriaId":"31214EBB-325C-478D-9E78-FACDB17B17D2"}]}]}],"references":[{"url":"https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-c695-m4g4-v3fv","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}