Collfuse

Name of the Vulnerable Software and Affected Versions: DRACOON Branding Service versions prior to 2.10.0 Description: DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface. Versions prior to 2.10.0 are susceptible to cross-site scripting due to improper neutralization of input from administrative users, potentially allowing HTML code injection into the workflow for new users. Recommendations: Update to DRACOON Branding Service version 2.10.0 or later.