3 matches found
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
CVE-2019-18209 affects Etherpad-Lite 1.7.5, with XSS in templates/pad.html when the browser does not encode the URL path (demonstrated in Internet Explorer). The root cause is lack of proper validation/encoding of client-side data in that page. Public disclosures in multiple feeds confirm the iss...