VYPR
Moderate severityNVD Advisory· Published Jan 23, 2020· Updated Aug 4, 2024

Persistent XSS vulnerability in filename of attached file in PrivateBin

CVE-2020-5223

Description

In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
privatebin/privatebinPackagist
< 1.2.21.2.2
privatebin/privatebinPackagist
>= 1.3.0, < 1.3.21.3.2

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.