FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

privatebin XSS

Affected packages
privatebin < 2.0.3

Details

VuXML ID 6e1105d8-bfc2-11f0-bb2b-ecf4bbefc954
Discovery 2025-11-09
Entry 2025-11-12

privatebin reports:

Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who can entice a victim to drag or otherwise attach such a file to exfiltrate plaintext, encryption keys, or stored pastes before they are encrypted or sent.
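The reflection described in the report, as an added example that is not part of the advisory and not PrivateBin's code: a dropped file's name concatenated into markup, next to the same name HTML-encoded first. The function names, the `attachment-name` class and the sample file names are assumptions made up for illustration.

```javascript
// Added illustration: hypothetical helpers, not taken from PrivateBin.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed pattern: the file name is concatenated into markup as-is,
// so any markup inside the name becomes part of the page.
function renderLabelUnsafe(fileName) {
  return '<span class="attachment-name">' + fileName + '</span>';
}

// Hardened pattern: the name is encoded first, so it can only ever be text.
function renderLabelSafe(fileName) {
  return '<span class="attachment-name">' + escapeHtml(fileName) + '</span>';
}

// Count element start tags in a fragment. A correctly rendered label
// contains exactly one: the wrapping <span>.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample names, as a drop handler would read them from File.name.
const SAMPLE_NAMES = [
  'report-2025.pdf',
  'notes & "drafts".txt',
  '<u>quarterly.txt', // harmless markup standing in for HTML in a file name
];

// Render each name both ways and report how many elements result.
function compare(names) {
  return names.map((name) => ({
    name,
    unsafeTags: countStartTags(renderLabelUnsafe(name)),
    safeTags: countStartTags(renderLabelSafe(name)),
  }));
}

console.table(compare(SAMPLE_NAMES));
```

In browser code, assigning the name through `textContent` instead of building an HTML string gives the same result without a hand-written encoder.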

References

CVE Name CVE-2025-62796
URL https://nvd.nist.gov/vuln/detail/CVE-2025-62796