CVE-2025-64339 ClipBucket v5: Stored XSS Vulnerability in Manage Playlists

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting XSS,specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containi...

CVE-2025-64339 ClipBucket v5: Stored XSS Vulnerability in Manage Playlists

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting XSS,specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containi...

CVE-2025-64339

Summary: ClipBucket v5 is affected by a stored XSS in the Manage Playlists feature, specifically in the Playlist Name field, for versions 5.5.2-#146 and below. An authenticated, low-privileged user can create a playlist with a malicious name that renders HTML/JavaScript unescaped on playlist deta...

CVE-2025-64339 ClipBucket v5: Stored XSS Vulnerability in Manage Playlists

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting XSS,specifically in the Playlist Name field. An authenticated low-privileged user can create a playlist with a malicious name containi...

ClipBucket V5 跨站脚本漏洞

ClipBucket V5 is a video hosting platform for MacWarrior individual developers. A cross-site scripting vulnerability exists in ClipBucket V5 5.5.2-146 and prior versions, which stems from the Playlist Name field not being properly cleaned and escaped, and could lead to a stored cross-site scripti...

PT-2025-45408

Name of the Vulnerable Software and Affected Versions ClipBucket versions 5.5.2-146 and below Description ClipBucket is a video sharing platform. Versions 5.5.2-146 and below have a stored Cross-site Scripting XSS issue in the Manage Playlists feature. Specifically, the Playlist Name field allows...

EUVD-2022-38942

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-47184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored...

UBUNTU-CVE-2024-47184

Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue...

CVE-2024-47184 Ampache vulnerable to Stored XSS via Democratic Playlist Name

Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue...

CVE-2024-47184

CVE-2024-47184 affects Ampache prior to version 6.6.0, where the Democratic Playlist Name is vulnerable to stored cross-site scripting. The issue is fixed in 6.6.0. Vulnerable component: Ampache web-based audio/video streaming application and file manager; root cause: stored XSS in Democratic Pla...

PT-2024-32466 · Ampache · Ampache

Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 6.6.0 Description: Ampache is a web-based audio/video streaming application and file manager. The Democratic Playlist Name is vulnerable to a stored cross-site scripting issue. Recommendations: For versions prior to...

PT-2024-28472 · WordPress · Playlist For Youtube Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Playlist for Youtube WordPress plugin versions 1.32 and earlier Description: The issue concerns a Stored Cross-Site Scripting attack. High privilege users, such as admins, can exploit this even when the unfiltered html capability is disallowe...

Jellyfin Web Cross-Site Scripting (XSS) via Playlist Name

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

CVE-2023-23636

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...

Design/Logic Flaw

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account...

CVE-2022-36223

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account...

PYSEC-2017-100

Cross-site scripting XSS vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist...

RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow

No description provided by source. $Id: realplayerimport.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...