{"uuid": "da594167-cfea-4a1a-a0e7-88333d11e699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-5223", "type": "seen", "source": "https://t.me/cveNotify/393", "content": "\ud83d\udea8 CVE-2020-5223\nIn PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-23T08:37:38.000000Z"}