54 matches found
CVE-2026-26028
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS
Summary CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...
GHSA-G2G4-47GV-P72V CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS
Summary CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...
CVE-2026-26028
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
CVE-2026-26028 CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
CVE-2026-26028
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
CVE-2026-26028
CryptPad suffers a sanitizer bypass in Diffmarked.js prior to 2026.2.0. The HTML sanitizer only enforces the src attribute on iframe, video, and audio tags while treating iframe as restricted rather than forbidden, allowing an attacker to inject arbitrary HTML via srcdoc and defeat bounce sandbox...
CVE-2026-26028 CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
EUVD-2026-31154
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and elements, leaving all other...
CVE-2026-26028
creationtimestamp| type| source ---|---|--- 2026-05-20 15:52:46+00:00| published-proof-of-concept| https://github.com/cryptpad/cryptpad/security/advisories/GHSA-g2g4-47gv-p72v...
PT-2026-42220
Name of the Vulnerable Software and Affected Versions CryptPad versions prior to 2026.2.0 Description The HTML sanitizer in Diffmarked.js contains a flaw where it fails to properly filter attributes on restricted tags. While the sanitizer validates the src attribute for , , and elements, it does...
CryptPad 跨站脚本漏洞
CryptPad is an open-source collaboration suite developed by CryptPad. Versions of CryptPad prior to 2026.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the HTML cleaner’s incomplete filtering of restricted tag attributes, allowing attackers to inject arbitrary...
CVE-2025-51846
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...
CVE-2025-51846 CryptPad unbounded WebSocket frame flood
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...
CVE-2025-51846 CryptPad unbounded WebSocket frame flood
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...
CVE-2025-51846
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...
CVE-2025-51846
CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...
EUVD-2025-209596
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...
PT-2026-36127
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2...
CryptPad 安全漏洞
CryptPad is an open-source collaboration suite developed by CryptPad. Version 2025.3.1 of CryptPad contains a security vulnerability caused by unlimited WebSocket frame flooding, which could allow remote unauthenticated attackers to significantly degrade or deny services to all users...