163 matches found
Command injection
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...
CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability Authentication is not required for remote exploitation...
UBUNTU-CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability Authentication is not required for remote exploitation...
CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...
CVE-2013-7380
The Etherpad Lite ep_imageconvert Plugin for Etherpad Lite is affected by a Remote Command Injection vulnerability. Affected: ep_imageconvert
Etherpad-Lite Cross-Site Scripting Vulnerability
Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A cross-site scripting vulnerability exists in the templates/pad.html page in Etherpad-Lite version 1.7.5, which stems from a lack of proper validation of client-side data in the WEB application and can be...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
Default credentials
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
CVE-2019-18209 affects Etherpad-Lite 1.7.5, with XSS in templates/pad.html when the browser does not encode the URL path (demonstrated in Internet Explorer). The root cause is lack of proper validation/encoding of client-side data in that page. Public disclosures in multiple feeds confirm the iss...
Etherpad Lite Access Control Bypass Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A security vulnerability exists in the webaccess.js file in Etherpad Lite versions prior to 1.6.4. A remote attacker can exploit this vulnerability by sending a specially crafted request to...
Design/Logic Flaw
Etherpad Lite before 1.6.4 is exploitable for admin access...
CVE-2018-9845
Etherpad Lite before 1.6.4 is exploitable for admin access...
CVE-2018-9845
Etherpad Lite before 1.6.4 is exploitable for admin access...
CVE-2018-9845
Etherpad Lite before 1.6.4 is exploitable for admin access...
CVE-2018-9845
Etherpad Lite before version 1.6.4 is vulnerable to an admin authentication bypass that allows an attacker to gain admin access. The issue is documented across multiple sources (NVD, Nuclei template, SUSE, CNVD, OSV, etc.) with the root cause described as an admin-privilege bypass affecting Ether...
Etherpad Arbitrary Code Execution Vulnerability
Etherpad is a Web-based online document collaboration tool. Multiple users can write a text document simultaneously via Etherpad and see real-time edits from all participants. An arbitrary code execution vulnerability exists in Etherpad 1.5.x and 1.6.x before 1.6.4. An attacker can exploit this...
Etherpad Arbitrary Code Execution Vulnerability (CNVD-2018-08480)
Etherpad is a Web-based online document collaboration tool. Multiple users can write a text document simultaneously via Etherpad and see real-time edits from all participants. An arbitrary code execution vulnerability exists in Etherpad 1.6.3. An attacker can exploit this vulnerability to execute...
CVE-2018-9325
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...