CVE-2025-53839 – DRACOON Branding Service Cross-Site Scripting Vulnerability

July 15, 2025

CVE ID : CVE-2025-53839

Published : July 15, 2025, 12:15 a.m. | 2 hours, 36 minutes ago

Description : DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutralization of input from administrative users could inject HTML code into the workflow for newly onboarded users. A fix was made available in version 2.10.0 and rolled out to the DRACOON service. DRACOON customers do not need to take action.

Severity: 4.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53886 – Directus Session Hijacking Vulnerability

Next Article CVE-2025-53836 – XWiki Rendering Macro Execution Bypass

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

Windows 11 will soon be able to describe images on your screen using AI — and it’ll all be done locally

Marvel Rivals’ swimsuit lineup kicks off this week — with hot new outfits for these characters

iPhone alarm not going off? 6 potential fixes to this annoying issue

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

The details of TC39’s last meeting

The details of TC39’s last meeting

Modern async iteration in JavaScript with Array.fromAsync()

Vite vs Webpack: A Guide to Choosing the Right Bundler

Windows 11 will soon be able to describe images on your screen using AI — and it’ll all be done locally

Windows 11 will soon be able to describe images on your screen using AI — and it’ll all be done locally

Marvel Rivals’ swimsuit lineup kicks off this week — with hot new outfits for these characters

The Curious Case of AUR Updates Fetching 30 GB of Data for Electron

CVE-2025-53839 – DRACOON Branding Service Cross-Site Scripting Vulnerability

CVE-2025-53834 – Caido Toast UI Component Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2025-53822 – WeGIA Reflected Cross-Site Scripting (XSS)

Windows 11 25H2 adds official bloatware removal option through Group Policy

ChatGPT is back (mostly)! OpenAI outage ends as services recover. (Update)

CVE-2025-4881 – iSourcecode Restaurant Management System SQL Injection

CVE-2025-25014 – Kibana Prototype Pollution Remote Code Execution

CVE-2025-4317 – TheGem WordPress Theme Arbitrary File Upload Vulnerability

This AI Paper from Salesforce Introduces VLM2VEC and MMEB: A Contrastive Framework and Benchmark for Universal Multimodal Embeddings

Google joins OpenAI in adopting Anthropic’s protocol for connecting AI agents – why it matters

South of Midnight review and Metacritic roundup — Here’s what critics are saying about this Xbox folktale adventure

CVE-2025-53839 – DRACOON Branding Service Cross-Site Scripting Vulnerability

Related Posts