2 matches found
CVE-2021-34817
A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...
CVE-2021-34817
CVE-2021-34817 is a documented XSS in Etherpad 1.8.13 where the chat message userId is rendered into HTML without escaping, enabling a crafted pad import to execute arbitrary JavaScript in an admin’s browser. The SonarSource write-up confirms the root cause is an unescaped userId in the chat fron...