CVE-2025-62715
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-04

Last updated on: 2025-11-10

Assigner: GitHub, Inc.

Description
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later rendered unescaped in collection detail and tag-list pages. As a result, arbitrary JavaScript executes in the browsers of all users who view the affected pages. This issue is fixed in version 5.5.2-#152.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-04
Last Modified
2025-11-10
Generated
2026-06-16
AI Q&A
2025-11-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62715
EUVD
EUVD-2025-37913
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oxygenz clipbucket From 5.3 (inc) to 5.5.2-157 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stored Cross-Site Scripting (XSS) issue in ClipBucket v5 versions 5.5.2-#147 and below. An authenticated normal user can create a tag containing malicious HTML or JavaScript code. This code is stored and later rendered without proper escaping on collection detail and tag-list pages, causing the arbitrary JavaScript to execute in the browsers of all users who view those pages.

Impact Analysis

The vulnerability allows attackers to execute arbitrary JavaScript in the browsers of users who view affected pages. This can lead to session hijacking, theft of sensitive information, defacement, or other malicious actions performed on behalf of the user, potentially compromising user accounts and data.

Detection Guidance

This vulnerability can be detected by checking if your ClipBucket installation is running version 5.5.2-#147 or below and if the Collection tags feature allows authenticated users to create tags containing HTML or JavaScript that are rendered unescaped. Since no specific detection commands or network indicators are provided, a practical approach is to attempt to create a tag with simple JavaScript code as an authenticated user and then view the collection detail or tag-list pages to see if the script executes.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade ClipBucket to version 5.5.2-#152 or later, where the stored Cross-Site Scripting (XSS) issue in the Collection tags feature has been fixed. Until the upgrade is applied, restrict or monitor authenticated users' ability to create tags containing HTML or JavaScript to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62715. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart