CNNVD-202510-3772 Information
Oct 28, 2025
cve
CNNVD ID
CNNVD-202510-3772
Related CVE
- CNNVD Published: 2025-10-28
Description (Chinese)
PrivateBin是PrivateBin项目的一个极简的开源在线粘贴箱。 PrivateBin 1.7.7版本至2.0.1版本存在安全漏洞,该漏洞源于未清理附件文件名,可能导致HTML注入攻击。
Description (English)
PrivateBin is a very simple, open-source online sticker for the PrivateBin project. There is a security loophole between versions 1.7.7 and 2.0.1 of PrivateBin, which stems from the uncleaned name of the attached document, which could lead to an HTML injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
PrivateBin
Published
2025-10-28
Last Modified
2026-02-24
References
https://github.com/PrivateBin/PrivateBin/pull/1550 https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-867c-p784-5q6g https://github.com/PrivateBin/PrivateBin/commit/c4f8482b3072be7ae012cace1b3f5658dcc3b42e https://access.redhat.com/security/cve/cve-2025-62796
Patch
https://github.com/PrivateBin/PrivateBin/releases
Share on: