3 matches found
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223 Persistent XSS vulnerability in filename of attached file in PrivateBin
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223
CVE-2020-5223 affects PrivateBin: 1.2.0 before 1.2.2 and 1.3.0 before 1.3.2. The root cause is an unescaped user-provided attachment filename that can inject HTML, enabling a persistent XSS when a paste is viewed (e.g., via cloning). The issue has been fixed in PrivateBin v1.3.2 and v1.2.2. Upgra...