CNNVD-202511-1671 Information

CNNVD ID

CNNVD-202511-1671

CVE-2025-64711

  • CNNVD Published: 2025-11-13

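Description (translated from Chinese)

PrivateBin is a minimalist, open-source online pastebin from the PrivateBin project. PrivateBin versions 1.7.7 up to, but not including, 2.0.3 contain a security vulnerability. It arises because HTML contained in the name of a dragged-and-dropped file is reflected into the page, which may lead to a self cross-site scripting (self-XSS) attack.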

Description (English)

PrivateBin is a very simple, open-source online pastebin from the PrivateBin project. Versions of PrivateBin from 1.7.7 up to, but not including, 2.0.3 have a security vulnerability: when a file whose name contains HTML is dragged and dropped, the file name is reflected on the page, which could lead to a self cross-site scripting (self-XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

PrivateBin

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/PrivateBin/PrivateBin/commit/f9550e513381208b36595ee2404e968144bba78b

https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-r9x7-7ggj-fx9f

Patch

https://github.com/PrivateBin/PrivateBin/releases
