Lucene search

CVE-2018-6834

🗓️ 08 Feb 2018 07:01:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 27 Views🌐 WEB

static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 4
OSV	CVE-2018-6834	8 Feb 201807:29	–	osv
Cvelist	CVE-2018-6834	8 Feb 201807:00	–	cvelist
NVD	CVE-2018-6834	8 Feb 201807:29	–	nvd
Prion	Design/Logic Flaw	8 Feb 201807:29	–	prion

Nvd

Node

etherpad etherpad_liteRange<1.6.3

Source	Link
github	www.github.com/ether/etherpad-lite/commit/a03422b09468cdd5f192b05643311c705447588b
github	www.github.com/ether/etherpad-lite/releases/tag/1.6.3

Parameter	Position	Path	Description	CWE
window.location.href	nested	static/js/pad_utils.js	XSS vulnerability via manipulation of the window.location.href in Etherpad Lite before v1.6.3.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2018 07:29Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

CVSS36.1

EPSS0.00328

CWE-79