ClipBucket Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in ClipBucket version 5.5.3 #58 and prior. This issue allows a normal authenticated user to inject an XSS payload, which is then executed when an administrator interacts with the affected collection. The vulnerability arises from insufficient input sanitization in the collection management feature.

Impact

Exploitation of this vulnerability allows for arbitrary JavaScript execution in the context of the administrator.

Reproduction

To reproduce this vulnerability, log in as a normal user and navigate to the 'Manage Collections' page. Create a new collection and enter an XSS payload in the 'Collection Name' field. After saving the collection, add a video to it to make it visible to others. Finally, log in as an administrator, go to the notifications page, and click on 'Flagged Collections' to trigger the XSS payload.

Remediation

Users can update to ClipBucket version 5.5.3 #59 or later, where this vulnerability has been fixed.
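
The check below is an added example, not ClipBucket's code and not part of the original advisory. It scans exported collection names for HTML markup, the form a payload stored in the 'Collection Name' field would take, and shows the output-encoded form of each flagged name. The row layout, sample names and function names are constructed assumptions, not ClipBucket's schema or API.

```python
import html
import re

# Constructed sample export: (collection_id, owner, collection_name).
# The column layout is an assumption, not ClipBucket's actual schema.
SAMPLE_ROWS = [
    (101, "alice", "Holiday clips 2025"),
    (102, "bob", "Tom & Jerry <3"),
    (103, "mallory", "<script>alert(1)</script>"),
    (104, "mallory", 'x" onmouseover="alert(1)'),
    (105, "carol", "<IMG SRC=x OnError=alert(1)>"),
    (106, "dave", "javascript:alert(1)"),
]

# Patterns that indicate markup or script in a field meant to be plain text.
SUSPICIOUS = [
    ("html_tag", re.compile(r"<\s*/?\s*[a-z!][^>]*>?", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script_uri", re.compile(r"\b(?:javascript|vbscript|data)\s*:", re.I)),
]


def audit_name(name):
    """Return the labels of every suspicious pattern found in one name."""
    return [label for label, rx in SUSPICIOUS if rx.search(name)]


def audit_rows(rows):
    """Return {collection_id: (owner, labels)} for names that need review."""
    findings = {}
    for cid, owner, name in rows:
        labels = audit_name(name)
        if labels:
            findings[cid] = (owner, labels)
    return findings


def render_name(name):
    """Output-encode a name for an HTML text or quoted-attribute context."""
    return html.escape(name, quote=True)


if __name__ == "__main__":
    names = {cid: name for cid, _, name in SAMPLE_ROWS}
    for cid, (owner, labels) in audit_rows(SAMPLE_ROWS).items():
        print(f"review id={cid} owner={owner} {labels} -> {render_name(names[cid])}")
```

A name such as "Tom & Jerry <3" is not flagged, because `<` followed by a digit does not open a tag, but it is still encoded on output.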

Added: Feb 27, 2026, 8:31 PM
Updated: Feb 27, 2026, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.4
exploitability: 6.3
remediation: 7.7
relevance: 3.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.