git: a69ad955c4bd - main - security/vuxml: Add www/privatebin XSS issue
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 28 Oct 2025 16:26:38 UTC
The branch main has been updated by dvl:
URL: https://cgit.FreeBSD.org/ports/commit/?id=a69ad955c4bd2260df383c402cc21770966d964d
commit a69ad955c4bd2260df383c402cc21770966d964d
Author: Dan Langille <dvl@FreeBSD.org>
AuthorDate: 2025-10-28 16:18:11 +0000
Commit: Dan Langille <dvl@FreeBSD.org>
CommitDate: 2025-10-28 16:26:22 +0000
security/vuxml: Add www/privatebin XSS issue
Security: https://privatebin.info/reports/vulnerability-2025-10-28.html
---
security/vuxml/vuln/2025.xml | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index d65644d579cf..9189027f9ff4 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,30 @@
+ <vuln vid="a8dacd4b-b416-11f0-9f23-ecf4bbefc954">
+ <topic>privatebin - Missing HTML sanitisation of attached filename in file size hint enabling persistent XSS</topic>
+ <affects>
+ <package>
+ <name>privatebin</name>
+ <range><lt>2.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PrivateBin reports:</p>
+ <blockquote cite="https://privatebin.info/reports/vulnerability-2025-10-28.html">
+ <p>We've identified an HTML injection/XSS vulnerability in the PrivateBin
+ service that allows the injection of arbitrary HTML markup via the attached
+ filename.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://privatebin.info/reports/vulnerability-2025-10-28.html</url>
+ </references>
+ <dates>
+ <discovery>2025-10-23</discovery>
+ <entry>2025-10-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1f1cf967-b35c-11f0-bce7-bc2411002f50">
<topic>strongSwan -- Heap-based buffer overflow in eap-mschapv2 plugin due to improper handling of failure request packets</topic>
<affects>