Dropbox: Disclose anonymous accessible link on embedded files in paper dropbox sessions

This report described some of the behavior of the integration between Dropbox and Dropbox Paper. In particular, when embedding a Dropbox file into Dropbox Paper, this implicitly creates a link to that file see https://www.dropbox.com/help/files-folders/view-only-access and embeds it within the...

Dropbox: Dropbox Paper - Markdown XSS

Hello, Today I took a look at Dropbox Paper and noticed there is an option to export/download the project as a Markdown or word docx document. I noticed it doesn't filter any kind of Markdown escaping, meaning when parsed after download will let us execute client side code. equivallent to arbrita...

Dropbox Paper Beta - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Dropbox Paper Beta published at the 'play' market has multiple vulnerabilities...