CVE-2025-53839: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dracoon security-advisories
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users could inject HTML code into the workflow for newly onboarded users. A fix was made available in version 2.10.0 and rolled out to the DRACOON service. DRACOON customers do not need to take action.
CVE-2025-53839: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dracoon security-advisories
Description
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users could inject HTML code into the workflow for newly onboarded users. A fix was made available in version 2.10.0 and rolled out to the DRACOON service. DRACOON customers do not need to take action.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-07-09T14:14:52.532Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6876b38da83201eaacd057bf
Added to database: 7/15/2025, 8:01:17 PM
Last updated: 7/15/2025, 8:01:17 PM
Views: 1
Related Threats
CVE-2025-53836: CWE-863: Incorrect Authorization in xwiki xwiki-rendering
CriticalCVE-2025-49829: CWE-862: Missing Authorization in cyberark conjur
MediumCVE-2025-53032: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. in Oracle Corporation MySQL Server
MediumCVE-2025-53031: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. in Oracle Corporation Oracle Financial Services Analytical Applications Infrastructure
MediumCVE-2025-53030: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. in Oracle Corporation Oracle VM VirtualBox
MediumActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.