漏洞标题
PrivateBin中附件文件的文件名存在持久性XSS漏洞
漏洞描述信息
PrivateBin中附件文件的文件名存在持久性XSS漏洞
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Persistent XSS vulnerability in filename of attached file in PrivateBin
漏洞描述信息
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users.
CVSS信息
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
PrivateBin 跨站脚本漏洞
漏洞描述信息
PrivateBin 1.2.2之前的1.2.0版本和1.3.2之前的1.3.0版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞进行HTML注入。
CVSS信息
N/A
漏洞类别
跨站脚本