CVE-2022-24833

Name: CVE-2022-24833
Creator: NVD / NIST
Published: 2022-04-11T21:15:08.64+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 1.23%

Last modified Jun 17, 2026

CVE-2022-24833 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. EPSS estimates a 1.23% chance of exploitation in the next 30 days.

Description

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called ZeroBin. The issue is caused by the fact that SVGs can contain JavaScript. This can allow an attacker to execute code, if the user opens a paste with a specifically crafted SVG attachment, and interacts with the preview image and the instance isn't protected by an appropriate content security policy. Users are advised to either upgrade to version 1.4.0 or to ensure the content security policy of their instance is set correctly.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

1.23%

65.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Privatebin	Privatebin	>= 0.21, < 1.4.0

References

https://github.com/PrivateBin/PrivateBin/commit/2a4d572c1e9eb9b608d32b0cc0cb3b6c3b684eabPatch, Third Party Advisory
https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-cqcc-mm6x-vmvwExploit, Third Party Advisory
https://github.com/PrivateBin/PrivateBin/commit/2a4d572c1e9eb9b608d32b0cc0cb3b6c3b684eabPatch, Third Party Advisory
https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-cqcc-mm6x-vmvwExploit, Third Party Advisory

Timeline

Published: Apr 11, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-24833?

How severe is CVE-2022-24833?

CVE-2022-24833 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 1.23% probability of exploitation in the next 30 days.

How do I fix CVE-2022-24833?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-24833?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST