VYPR
Low severity · NVD Advisory · Published Nov 13, 2025 · Updated Nov 13, 2025

PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

CVE-2025-64711

Description

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who can entice a victim to drag or otherwise attach such a file to exfiltrate plaintext, encryption keys, or stored pastes before they are encrypted or sent. Certain conditions must exist for the vulnerability to be exploitable. Only macOS or Linux users are affected, due to the way the > character is treated in a file name on Windows. The PrivateBin instance needs to have file upload enabled. An attacker needs to have access to the local file system or somehow convince the user to create (or download) a malicious file (name). An attacker needs to convince the user to attach that malicious file to PrivateBin. Any Mac / Linux user who can be tricked into dragging a maliciously named file into the editor is impacted; code runs in the origin of the PrivateBin instance they are using. Attackers can steal plaintext, passphrases, or manipulate the UI before data is encrypted, defeating the zero-knowledge guarantees for that victim session, assuming counter-measures like Content-Security-Policy (CSP) have been disabled. If CSP is not disabled, HTML injection attacks may be possible - like redirecting to a foreign website, phishing etc. As the whole exploit needs to be included in the file name of the attached file and only affects the local session of the user (aka it is neither persistent nor remotely executable) and that user needs to interact and actively attach that file to the paste, the impact is considered to be practically low. Version 2.0.3 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Self-XSS in PrivateBin 1.7.7–2.0.2 via crafted filenames, allowing JavaScript execution when a file is dragged into the editor.

Vulnerability

PrivateBin versions 1.7.7 through 2.0.2 reflect HTML content from a file's filename verbatim into the page through the drag-and-drop helper. If a filename contains JavaScript code, it executes in the user's session as a self-XSS attack [1][2].
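As an added illustration of the mechanism (this is not PrivateBin's own code), the following Node script puts the pre-2.0.3 `.html(fileNames.join('<br>'))` rendering beside the text-node rendering the fix switches to, run over a constructed two-entry file list; the tiny DOM stand-in (`FakeNode`, `fakeDocument`, `setHtml`) is an assumption made so the comparison runs offline.

```javascript
// Added example, not PrivateBin's code: a minimal DOM stand-in so the vulnerable
// and patched renderings of the drag-and-drop helper can be compared in Node.
const escapeHtml = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
const innerHtml = (c) => c.children.map(n => n.serialize()).join('');

class FakeNode {
  constructor(type, name, text) { Object.assign(this, { type, name, text, children: [] }); }
  appendChild(n) { this.children.push(n); return n; }
  // Serialise like innerHTML: text nodes are escaped, element nodes become tags.
  serialize() {
    if (this.type === 'text') return escapeHtml(this.text);
    return this.name === 'br' ? '<br>' : `<${this.name}>${innerHtml(this)}</${this.name}>`;
  }
}

const fakeDocument = {
  createTextNode: (t) => new FakeNode('text', null, t),
  createElement: (tag) => new FakeNode('element', tag, null),
};

// Models jQuery's .html(markup): the string is parsed, so every opening tag in
// it becomes an element node (kept flat, which is enough for the comparison).
function setHtml(container, markup) {
  container.children = [];
  const re = /<(\/?)([a-zA-Z][^\s>]*)[^>]*>|([^<]+)/g;
  for (let m; (m = re.exec(markup)) !== null;) {
    if (m[3] !== undefined) container.appendChild(fakeDocument.createTextNode(m[3]));
    else if (m[1] === '') container.appendChild(fakeDocument.createElement(m[2].toLowerCase()));
  }
}
// Vulnerable rendering (1.7.7 to 2.0.2): filenames are interpolated into markup.
function printFileNamesUnsafe(container, fileNames) {
  setHtml(container, fileNames.join('<br>'));
  return container;
}

// Patched rendering (mirrors the 2.0.3 fix): each filename is an inert text node.
function printFileNamesSafe(container, fileNames) {
  container.children = [];
  for (const fileName of fileNames) {
    container.appendChild(fakeDocument.createTextNode(fileName));
    container.appendChild(fakeDocument.createElement('br'));
  }
  return container;
}
// Tag names of the element nodes a container ends up holding.
const elementTags = (c) => c.children.filter(n => n.type === 'element').map(n => n.name);
// Constructed sample input: one ordinary name and one that carries markup.
const SAMPLE_NAMES = ['notes.txt', '<b>bold</b>.png'];
```

Running both paths over `SAMPLE_NAMES` shows the markup in the second name becoming a real element under the old code and staying escaped text under the patched one.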

Exploitation

Successful exploitation requires the victim to use macOS or Linux (Windows forbids the > character in filenames), the instance must have file uploads enabled, and the attacker must trick the user into dragging or attaching a maliciously named file [1][2]. The attacker needs local file system access or ability to convince the user to download or create the malicious file.

Impact

If the instance's Content-Security-Policy (CSP) is disabled, the attacker can steal plaintext, encryption keys, or manipulate the UI before data is encrypted, undermining PrivateBin's zero-knowledge promise [1][2]. Even with CSP enabled, HTML injection attacks like phishing are possible. The self-XSS is local to the victim's session and not persistent.

Mitigation

Version 2.0.3 patches the vulnerability by inserting filenames into the page as DOM text nodes instead of as HTML markup, so tags in a filename are displayed rather than parsed [2]. Users should update to 2.0.3 or later. Keeping CSP enabled reduces the attack surface [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: privatebin/privatebin (Packagist)
Affected versions: >= 1.7.7, < 2.0.3
Patched versions: 2.0.3


Patches

f9550e513381

Merge commit from fork

https://github.com/PrivateBin/PrivateBin · El RIDO · Nov 12, 2025 · via ghsa
3 files changed · +9 −3
  • CHANGELOG.md · +1 −0 · modified
    @@ -1,6 +1,7 @@
     # PrivateBin version history
     
     ## 2.0.3 (not yet released)
    +* FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users
     * FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)
     
     ## 2.0.2 (2025-10-28)
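Review bot: the new changelog line carries no identifier to trace the fix, while the neighbouring entry cites its issue (#1585); appending the advisory reference, e.g. "* FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users (CVE-2025-64711)", would let readers match the release note to the advisory and the patched version range.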
    
  • js/privatebin.js · +7 −2 · modified
    @@ -3086,10 +3086,15 @@ jQuery.PrivateBin = (function($) {
              * @name AttachmentViewer.printDragAndDropFileNames
              * @private
              * @function
    -         * @param {array} fileNames
    +         * @param {string[]} fileNames
              */
             function printDragAndDropFileNames(fileNames) {
    -            $dragAndDropFileNames.html(fileNames.join('<br>'));
    +            $dragAndDropFileNames.empty();
    +            fileNames.forEach(fileName => {
    +                const name = document.createTextNode(fileName);
    +                $dragAndDropFileNames[0].appendChild(name);
    +                $dragAndDropFileNames[0].appendChild(document.createElement('br'));
    +            });
             }
     
             /**
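Review bot: the `br` appended inside the loop also lands after the last filename, so the rendered list now ends with a trailing line break that the old `fileNames.join('<br>')` never produced; appending the `br` only between entries would keep the previous layout. The switch from `.html()` to `document.createTextNode` is the right fix, since a text node is never parsed as markup whereas `.html()` turned any tag in the filename into live elements. One more point: `$dragAndDropFileNames[0]` throws if the jQuery set is empty, which the earlier `.html()` call tolerated silently, so the helper now depends on the element existing when it runs.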
    
  • lib/Configuration.php · +1 −1 · modified
    @@ -121,7 +121,7 @@ class Configuration
                 'js/kjua-0.10.0.js'      => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
                 'js/legacy.js'           => 'sha512-rGXYUpIqbFoHAgBXZ0UlJBdNAIMOC9EQ67MG0X46D5uRB8LvwzgKirbSQRGdYfk8I2jsUcm+tvHXYboUnC6DUg==',
                 'js/prettify.js'         => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
    -            'js/privatebin.js'       => 'sha512-D7wsi3HMNnYlVtwljJLWI5VSxAydg6E+6OfggGcZ8xV6kSpVzy7RHzefKBXcVIfGgwBU5bjDjtIrUQ3eNJQpGQ==',
    +            'js/privatebin.js'       => 'sha512-ZwoUDxBdEE+zNoGqr9o7X7CJYS4JStEeNvcOnhz69YVbXjiibNoYSY7i3vc6MLI3M/K1K6sIUmSFm8sjoUdF5Q==',
                 'js/purify-3.3.0.js'     => 'sha512-lsHD5zxs4lu/NDzaaibe27Vd2t7Cy9JQ3qDHUvDfb4oZvKoWDNEhwUY+4bT3R68cGgpgCYp8U1x2ifeVxqurdQ==',
                 'js/showdown-2.1.0.js'   => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
                 'js/zlib-1.3.1-1.js'     => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',
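Review bot: the updated SRI hash for `js/privatebin.js` has to match the exact bytes of the committed file, otherwise browsers will refuse to execute the script and the editor breaks for every user; confirm the hash was regenerated from the final version of the file after the text-node change (any edit, including whitespace, changes it) and that no other entry in this list needed updating. Noting in the commit message how the hash was produced would make this line easier to review.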
    

