CNNVD-202510-2473 Information
CNNVD ID
CNNVD-202510-2473
Related CVE
- CNNVD Published: 2025-10-17
Description (Chinese)
ClipBucket是MacWarrior开源的一个开源且可免费下载的 PHP 脚本。用于共享视频网站。 ClipBucket 5.5.2 #145版本及之前版本存在跨站脚本漏洞,该漏洞源于多个视频和照片元数据字段未充分清理用户输入,可能导致存储型跨站脚本攻击。
Description (English)
ClipBucket is an open-source, free-of-charge PHP script for MacWarrior. For sharing video sites. ClipBucket 5.5.2 #145 and previous versions have a cross-site script loophole, which stems from multiple video and photo metadata fields that do not adequately clean up user input and may result in storage-type cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
MacWarrior
Published
2025-10-17
Last Modified
2026-02-24
References
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-qrqq-hpf3-9mc9 https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc https://access.redhat.com/security/cve/cve-2025-62430
Patch
https://github.com/MacWarrior/clipbucket-v5/releases
Share on: