CVE-2025-62796 | PrivateBin up to 2.0.1 Content Security Policy attachment_name cross site scripting

A vulnerability marked as problematic has been reported in PrivateBin up to 2.0.1. Affected by this vulnerability is an unknown functionality of the component Content Security Policy Handler. The manipulation of the argument attachment_name leads to basic cross site scripting.

This vulnerability is documented as CVE-2025-62796. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More