Lucene search
+L

79 matches found

osv
osv
added 2024/07/09 6:57 p.m.25 views

CVE-2024-39899 PrivateBin allows shortening of URLs for other domains

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...

5.3CVSS6.8AI score0.00627EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/07/09 12:0 a.m.3 views

PrivateBin Security Vulnerability

PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions prior to 1.7.4 that stems from exposing authentication tokens to the public without authentication, allowing anyone to break through restrictions imposed by a...

5.3CVSS6.9AI score0.00627EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/07/09 12:0 a.m.6 views

PT-2024-28716 · Unknown +1 · Privatebin +1

Name of the Vulnerable Software and Affected Versions: PrivateBin versions 1.5 through 1.7.3 Description: The issue is related to the YOURLS server-side proxy mechanism introduced in PrivateBin version 1.5. This mechanism allows using the YOURLs URL shortener without exposing the authentication...

6.9CVSS7.4AI score0.00627EPSS
Exploits0References11
veracode
veracode
added 2022/04/12 7:7 a.m.43 views

Cross-site Scripting (XSS)

privatebin is vulnerable to cross-site scripting. No sanitization in handling Attachment before sending for preview in SVG in AttachmentViewer allows malicious script execution in instance context...

8.2CVSS1.9AI score0.01271EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2022/04/11 9:15 p.m.35 views

CVE-2022-24833

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...

8.2CVSS0.01271EPSS
Exploits1References2
prion
prion
added 2022/04/11 9:15 p.m.31 views

Cross site scripting

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...

4.3CVSS5.8AI score0.01271EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/04/11 8:20 p.m.100 views

CVE-2022-24833

CVE-2022-24833 is a Persistent XSS in PrivateBin caused by SVG attachments with JavaScript before v1.4.0. The issue originates from how image previews were rendered for attachments (introduced around v0.21) and could execute code when a user opened a crafted SVG, bypassed or mishandled CSP. Affec...

8.2CVSS6AI score0.01271EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2022/04/11 8:20 p.m.7 views

CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...

8.2CVSS7.3AI score0.01271EPSS
Exploits1References2
cvelist
cvelist
added 2022/04/11 8:20 p.m.40 views

CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...

8.2CVSS7.5AI score0.01271EPSS
Exploits1References2
osv
osv
added 2022/04/11 8:20 p.m.36 views

CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...

8.2CVSS6.3AI score0.01271EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/04/11 12:0 a.m.3 views

PrivateBin 跨站脚本漏洞

PrivateBin is a minimalist open source online pastebin. PrivateBin versions prior to 1.4.0 have a cross-site scripting vulnerability , the vulnerability stems from the SVG can contain JavaScript. attackers use this vulnerability to execute code...

8.2CVSS6.9AI score0.01271EPSS
Exploits1References3
veracode
veracode
added 2020/01/23 7:43 a.m.24 views

Cross-Site Scripting (XSS)

privatebin/privatebin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the filename of an attachment...

6.1CVSS4.3AI score0.00658EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2020/01/23 2:15 a.m.22 views

CVE-2020-5223

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

6.1CVSS5.9AI score0.00658EPSS
Exploits1References4
osv
osv
added 2020/01/23 2:15 a.m.12 views

CVE-2020-5223

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

4.4CVSS4.5AI score
Exploits0References4
prion
prion
added 2020/01/23 2:15 a.m.11 views

Cross site scripting

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

2.1CVSS4.4AI score0.00658EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2020/01/23 1:35 a.m.29 views

CVE-2020-5223 Persistent XSS vulnerability in filename of attached file in PrivateBin

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...

6.1CVSS5.9AI score0.00658EPSS
Exploits1References4
cve
cve
added 2020/01/23 1:35 a.m.99 views

CVE-2020-5223

CVE-2020-5223 affects PrivateBin: 1.2.0 before 1.2.2 and 1.3.0 before 1.3.2. The root cause is an unescaped user-provided attachment filename that can inject HTML, enabling a persistent XSS when a paste is viewed (e.g., via cloning). The issue has been fixed in PrivateBin v1.3.2 and v1.2.2. Upgra...

6.1CVSS4.7AI score0.00658EPSS
Exploits1References4Affected Software1
github
github
added 2020/01/14 8:19 p.m.152 views

Persistent XSS vulnerability in filename of attached file in PrivateBin

On 24th of December 2019 one of the property based unit tests reported a failure. Upon investigation, @elrido discovered that the failure was due to unescaped HTML, which allowed the user provided attachment file name to inject HTML under certain conditions leading to a persistent Cross-site...

6.1CVSS5.2AI score0.00658EPSS
Exploits1References6Affected Software1
osv
osv
added 2020/01/14 8:19 p.m.70 views

GHSA-8J72-P2WM-6738 Persistent XSS vulnerability in filename of attached file in PrivateBin

On 24th of December 2019 one of the property based unit tests reported a failure. Upon investigation, @elrido discovered that the failure was due to unescaped HTML, which allowed the user provided attachment file name to inject HTML under certain conditions leading to a persistent Cross-site...

6.1CVSS5.8AI score0.00658EPSS
Exploits1References5
Rows per page
Query Builder