163 matches found
CVE-2018-6834
static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...
CVE-2018-6835
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...
CVE-2018-6834
static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...
Design/Logic Flaw
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...
Design/Logic Flaw
static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...
CVE-2018-6835
Etherpad Lite before v1.6.3 contains a vulnerability in node/hooks/express/apicalls.js where JSONP is mishandled, allowing remote attackers to bypass intended access restrictions. The issue is tied to CVE-2018-6835. Affected software/version details from connected sources indicate the fix was rel...
CVE-2018-6835
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...
CVE-2018-6834
Consolidated details show Etherpad Lite before v1.6.3 is vulnerable to Cross‑Site Scripting via static/js/pad_utils.js (pad_utils.js) triggered by window.location.href. The issue is documented across multiple sources (NVD, CNVD, OSV, SUSE, CNVD variants) with the affected component identified as ...
CVE-2018-6834
static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...
CVE-2015-2298
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID...
CVE-2015-2298
The vulnerability CVE-2015-2298 affects Etherpad Lite 1.5.x prior to 1.5.2, specifically in node/utils/ExportEtherpad.js. A flawed substring check when exporting a padID can allow a remote attacker to obtain sensitive information from the pad. This is a client-tolerated information disclosure ris...
Etherpad Directory Traversal Vulnerability
Etherpad is the Etherpad Foundation's open source rich-text online collaboration software . frontend tests is one of the front-end test component . A directory traversal vulnerability exists in the node/hooks/express/tests.js file in versions of Etherpad frontend tests prior to 1.6.1. An attacker...
Directory traversal
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...
CVE-2015-4085
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...
CVE-2015-4085
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...
CVE-2015-4085
CVE-2015-4085 is a directory traversal vulnerability in Etherpad frontend tests (node/hooks/express/tests.js) affecting Etherpad frontend tests prior to version 1.6.1. Exploitation could allow an attacker to browse files, impacting confidentiality (Partial). The issue is documented across multipl...
CVE-2015-3297
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...
Directory traversal
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...
CVE-2015-3297
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...
CVE-2015-3297
Etherpad exposes a directory traversal flaw in Minify.js (node/utils/Minify.js) affecting Etherpad versions 1.1.1–1.5.2. The root cause is unsafely constructed path handling where backslashes are replaced with slashes in the path parameter of HTTP API requests, enabling read access to arbitrary f...