admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-23 02:01:15 +00:00
parent 5bc9edbed0
commit e10af35dbd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2020/5xxx/CVE-2020-5223.json
View File

@ -38,7 +38,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible.\n\nUnder certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. \n\nThe vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users." "value": "In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users."
} }
] ]
}, },
@ -98,4 +98,4 @@
"advisory": "GHSA-8j72-p2wm-6738", "advisory": "GHSA-8j72-p2wm-6738",
"discovery": "UNKNOWN" "discovery": "UNKNOWN"
} }
} }