9 matches found
CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field
Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...
EUVD-2025-21397
Malicious code in bioql PyPI...
CVE-2025-53839
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users...
CVE-2025-53839 DRACOON Branding Service vulnerable to Cross-site Scripting
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users...
CVE-2025-53839
CVE-2025-53839 affects DRACOON Branding Service (pre-2.10.0). The vulnerability is cross-site scripting caused by improper neutralization of input from administrative users, potentially injecting HTML into the workflow for newly onboarded users. A fix was made available in version 2.10.0 and roll...
CVE-2025-53839 DRACOON Branding Service vulnerable to Cross-site Scripting
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users...
CVE-2025-53839 DRACOON Branding Service vulnerable to Cross-site Scripting
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users...
PT-2025-29525 · Racoon · Dracoon Branding Service
Name of the Vulnerable Software and Affected Versions: DRACOON Branding Service versions prior to 2.10.0 Description: DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface. Versions prior to 2.10.0 are susceptible to cross-site...
DRACOON Branding Service 跨站脚本漏洞
DRACOON Branding Service is a branding customization software from DRACOON Germany. A cross-site scripting vulnerability exists in DRACOON Branding Service versions prior to 2.10.0 that stems from improper input neutralization and could lead to a cross-site scripting attack...