| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| PrivateBin-2.0.3.zip.asc | 2025-11-12 | 833 Bytes | |
| PrivateBin-2.0.3.tar.gz.asc | 2025-11-12 | 833 Bytes | |
| multiple.intoto.jsonl | 2025-11-12 | 21.9 kB | |
| README.md | 2025-11-12 | 861 Bytes | |
| Release v2.0.3 - Fix arbitrary PHP file inclusion _ self-XSS vulnerabilities source code.tar.gz | 2025-11-12 | 786.8 kB | |
| Release v2.0.3 - Fix arbitrary PHP file inclusion _ self-XSS vulnerabilities source code.zip | 2025-11-12 | 949.2 kB | |
| Totals: 6 Items | | 1.8 MB | 0 |

- FIXED: Prevent arbitrary PHP file inclusion when enabling template switching
- FIXED: Malicious filename can be used for self-XSS / HTML injection locally for users
- FIXED: Unable to create a new paste from the cloned one when a JSON file attached (#1585)

This release fixes arbitrary PHP file inclusion when template switching is enabled, and missing sanitization of file names when files with malicious filenames are dragged and dropped into PrivateBin. More details on these issues can be found in the security advisories: