Lucene search
K

163 matches found

NVD
NVD
added 2018/02/08 7:29 a.m.16 views

CVE-2018-6834

static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...

6.1CVSS6AI score0.00898EPSS
Exploits0References2
OSV
OSV
added 2018/02/08 7:29 a.m.21 views

CVE-2018-6835

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

9.8CVSS7.2AI score
Exploits0References2
OSV
OSV
added 2018/02/08 7:29 a.m.10 views

CVE-2018-6834

static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...

6.1CVSS5.9AI score
Exploits0References2
Prion
Prion
added 2018/02/08 7:29 a.m.16 views

Design/Logic Flaw

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

7.5CVSS9.4AI score0.0233EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/02/08 7:29 a.m.15 views

Design/Logic Flaw

static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...

4.3CVSS5.9AI score0.00898EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/02/08 7:0 a.m.55 views

CVE-2018-6835

Etherpad Lite before v1.6.3 contains a vulnerability in node/hooks/express/apicalls.js where JSONP is mishandled, allowing remote attackers to bypass intended access restrictions. The issue is tied to CVE-2018-6835. Affected software/version details from connected sources indicate the fix was rel...

9.8CVSS9.4AI score0.0233EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/02/08 7:0 a.m.29 views

CVE-2018-6835

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

9.5AI score0.0233EPSS
Exploits1References2
CVE
CVE
added 2018/02/08 7:0 a.m.39 views

CVE-2018-6834

Consolidated details show Etherpad Lite before v1.6.3 is vulnerable to Cross‑Site Scripting via static/js/pad_utils.js (pad_utils.js) triggered by window.location.href. The issue is documented across multiple sources (NVD, CNVD, OSV, SUSE, CNVD variants) with the affected component identified as ...

6.1CVSS5.9AI score0.00898EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/02/08 7:0 a.m.20 views

CVE-2018-6834

static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...

6AI score0.00898EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/01/12 5:0 p.m.21 views

CVE-2015-2298

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID...

7.3AI score0.02327EPSS
Exploits0References3
CVE
CVE
added 2018/01/12 5:0 p.m.50 views

CVE-2015-2298

The vulnerability CVE-2015-2298 affects Etherpad Lite 1.5.x prior to 1.5.2, specifically in node/utils/ExportEtherpad.js. A flawed substring check when exporting a padID can allow a remote attacker to obtain sensitive information from the pad. This is a client-tolerated information disclosure ris...

7.5CVSS7.2AI score0.02327EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/09/08 12:0 a.m.5 views

Etherpad Directory Traversal Vulnerability

Etherpad is the Etherpad Foundation's open source rich-text online collaboration software . frontend tests is one of the front-end test component . A directory traversal vulnerability exists in the node/hooks/express/tests.js file in versions of Etherpad frontend tests prior to 1.6.1. An attacker...

7.5CVSS7.6AI score0.0232EPSS
Exploits0References1
Prion
Prion
added 2017/09/07 8:29 p.m.18 views

Directory traversal

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...

5CVSS7.1AI score0.0232EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/09/07 8:29 p.m.15 views

CVE-2015-4085

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...

7.5CVSS7.6AI score0.0232EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/09/07 8:0 p.m.17 views

CVE-2015-4085

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...

7.5AI score0.0232EPSS
Exploits0References2
CVE
CVE
added 2017/09/07 8:0 p.m.46 views

CVE-2015-4085

CVE-2015-4085 is a directory traversal vulnerability in Etherpad frontend tests (node/hooks/express/tests.js) affecting Etherpad frontend tests prior to version 1.6.1. Exploitation could allow an attacker to browse files, impacting confidentiality (Partial). The issue is documented across multipl...

7.5CVSS7.5AI score0.0232EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/07/07 4:29 p.m.20 views

CVE-2015-3297

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

7.5CVSS7.5AI score0.04955EPSS
Exploits0References4
Prion
Prion
added 2017/07/07 4:29 p.m.21 views

Directory traversal

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

5CVSS7.5AI score0.04955EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/07/07 4:0 p.m.26 views

CVE-2015-3297

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

7.5AI score0.04955EPSS
Exploits0References4
CVE
CVE
added 2017/07/07 4:0 p.m.44 views

CVE-2015-3297

Etherpad exposes a directory traversal flaw in Minify.js (node/utils/Minify.js) affecting Etherpad versions 1.1.1–1.5.2. The root cause is unsafely constructed path handling where backslashes are replaced with slashes in the path parameter of HTTP API requests, enabling read access to arbitrary f...

7.5CVSS7.5AI score0.04955EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder