79 matches found
CVE-2024-39899 PrivateBin allows shortening of URLs for other domains
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...
PrivateBin Security Vulnerability
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions prior to 1.7.4 that stems from exposing authentication tokens to the public without authentication, allowing anyone to break through restrictions imposed by a...
PT-2024-28716 · Unknown +1 · Privatebin +1
Name of the Vulnerable Software and Affected Versions: PrivateBin versions 1.5 through 1.7.3 Description: The issue is related to the YOURLS server-side proxy mechanism introduced in PrivateBin version 1.5. This mechanism allows using the YOURLs URL shortener without exposing the authentication...
Cross-site Scripting (XSS)
privatebin is vulnerable to cross-site scripting. No sanitization in handling Attachment before sending for preview in SVG in AttachmentViewer allows malicious script execution in instance context...
CVE-2022-24833
PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
Cross site scripting
PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
CVE-2022-24833
CVE-2022-24833 is a Persistent XSS in PrivateBin caused by SVG attachments with JavaScript before v1.4.0. The issue originates from how image previews were rendered for attachments (introduced around v0.21) and could execute code when a user opened a crafted SVG, bypassed or mishandled CSP. Affec...
CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin
PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin
PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin
PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting XSS vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
PrivateBin 跨站脚本漏洞
PrivateBin is a minimalist open source online pastebin. PrivateBin versions prior to 1.4.0 have a cross-site scripting vulnerability , the vulnerability stems from the SVG can contain JavaScript. attackers use this vulnerability to execute code...
Cross-Site Scripting (XSS)
privatebin/privatebin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the filename of an attachment...
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
Cross site scripting
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223 Persistent XSS vulnerability in filename of attached file in PrivateBin
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting XSS vulnerability. The vulnerability has been fixed in PrivateBin...
CVE-2020-5223
CVE-2020-5223 affects PrivateBin: 1.2.0 before 1.2.2 and 1.3.0 before 1.3.2. The root cause is an unescaped user-provided attachment filename that can inject HTML, enabling a persistent XSS when a paste is viewed (e.g., via cloning). The issue has been fixed in PrivateBin v1.3.2 and v1.2.2. Upgra...
Persistent XSS vulnerability in filename of attached file in PrivateBin
On 24th of December 2019 one of the property based unit tests reported a failure. Upon investigation, @elrido discovered that the failure was due to unescaped HTML, which allowed the user provided attachment file name to inject HTML under certain conditions leading to a persistent Cross-site...
GHSA-8J72-P2WM-6738 Persistent XSS vulnerability in filename of attached file in PrivateBin
On 24th of December 2019 one of the property based unit tests reported a failure. Upon investigation, @elrido discovered that the failure was due to unescaped HTML, which allowed the user provided attachment file name to inject HTML under certain conditions leading to a persistent Cross-site...