PT-2025-29525 · Racoon · Dracoon Branding Service
Collfuse · Published 2025-07-14 · Updated 2025-07-29 · CVE-2025-53839
CVSS v3.1: 4.0 (Medium)
Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
DRACOON Branding Service versions prior to 2.10.0
Description:
DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface. Versions prior to 2.10.0 are susceptible to cross-site scripting due to improper neutralization of input from administrative users, potentially allowing HTML code injection into the workflow for new users.
Recommendations:
Update to DRACOON Branding Service version 2.10.0 or later.
Fix
XSS
Affected Products
Dracoon Branding Service