FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

privatebin - Missing HTML sanitisation of attached filename in file size hint enabling persistent XSS

Affected packages
privatebin < 2.0.2

Details

VuXML ID a8dacd4b-b416-11f0-9f23-ecf4bbefc954
Discovery 2025-10-23
Entry 2025-10-28

PrivateBin reports:

We've identified an HTML injection/XSS vulnerability in the PrivateBin service that allows the injection of arbitrary HTML markup via the attached filename.

[source]

References

CVE Name CVE-2025-62796
URL https://www.cve.org/CVERecord?id=CVE-2025-62796

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.