CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:26

Type Values Removed Values Added
Summary
  • (es) ClipBucket v5 es una plataforma de código abierto para compartir videos. Antes de la versión 5.5.3 #59, un usuario autenticado normal puede almacenar la carga útil de XSS. La carga útil es activada por el administrador. La versión 5.5.3 #59 corrige el problema.

03 Mar 2026, 20:10

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
First Time Oxygenz clipbucket
Oxygenz
CPE cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*
References () https://github.com/MacWarrior/clipbucket-v5/commit/2da4c8e41f9e4baf47ff89f8a674fbe9b63ac76d - () https://github.com/MacWarrior/clipbucket-v5/commit/2da4c8e41f9e4baf47ff89f8a674fbe9b63ac76d - Patch
References () https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-97r6-4hmx-hcrh - () https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-97r6-4hmx-hcrh - Exploit, Vendor Advisory

27 Feb 2026, 20:21

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-27 20:21

Updated : 2026-06-17 10:26


NVD link : CVE-2026-26997

Mitre link : CVE-2026-26997

CVE.ORG link : CVE-2026-26997


JSON object : View

Products Affected

oxygenz

  • clipbucket
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')