XSS Vulnerability in DRACOON Branding Service Affects Customization Features
CVE-2025-53839

Currently unrated

Key Information:

Vendor: DRACOON

CVE Published: 15 July 2025

What is CVE-2025-53839?

The DRACOON Branding Service, which is used to customize file sharing interfaces, is vulnerable to cross-site scripting (XSS) in versions prior to 2.10.0. Malicious input supplied by an administrator can inject HTML code into the onboarding process for new users, which could lead to unauthorized actions or information exposure. The issue is patched in version 2.10.0; deployments running an earlier version should update.

Timeline

  • Vulnerability published
