Lucene search
K

163 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.6 views

CVE-2021-43802

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...

9.9CVSS7.5AI score0.01995EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.9 views

CVE-2021-34817

A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...

6.1CVSS5.8AI score0.01343EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:37 p.m.6 views

CVE-2021-34816

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

7.2CVSS8AI score0.02229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 a.m.7 views

CVE-2019-18209

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...

6.1CVSS6.1AI score0.00679EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:19 a.m.7 views

CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

9.8CVSS7.4AI score0.02216EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.238 views

EtherPAD Duo Login Bruteforce Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EtherPAD Duo Login Bruteforce Utility', 'Description' = % This module scans for EtherPAD Duo login portal, and performs a login bruteforce attack...

7.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.4 views

SUSE CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

9.8CVSS7.3AI score0.02216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.4 views

SUSE CVE-2015-3297

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests...

7.5CVSS7AI score0.04955EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.4 views

SUSE CVE-2015-3309

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. dot dot in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete...

7.5CVSS6.9AI score0.02318EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.5 views

SUSE CVE-2015-4085

Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1...

7.5CVSS7AI score0.0232EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.7 views

SUSE CVE-2018-6835

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

9.8CVSS9.4AI score0.0233EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.7 views

SUSE CVE-2018-6834

static/js/padutils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href...

6.1CVSS6AI score0.00898EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.5 views

SUSE CVE-2018-9326

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...

9.8CVSS9.8AI score0.01988EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-9325

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...

7.5CVSS7.6AI score0.01186EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.6 views

SUSE CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

8.1CVSS8.5AI score0.0158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.5 views

SUSE CVE-2018-9845

Etherpad Lite before 1.6.4 is exploitable for admin access...

9.8CVSS9.6AI score0.13132EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:53 a.m.27 views

GHSA-MVMV-RQ2J-97P2 Etherpad Lite Access Restriction Bypass

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

9.8CVSS9.4AI score0.0233EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:53 a.m.23 views

Etherpad Lite Access Restriction Bypass

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

9.8CVSS7AI score0.0233EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/12/13 4:3 a.m.13 views

Privilege Escalation

github.com/ether/etherpad-lite is vulnerable to Privilege Escalation. The library does not properly validate the .etherpad import files, allowing an attacker to gain admin privileges and execute arbitrary code using malicious crafted import file...

9.9CVSS5.7AI score0.01995EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/12/09 11:15 p.m.23 views

CVE-2021-43802

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...

9.9CVSS0.01995EPSS
Exploits0References4
Rows per page
Query Builder