163 matches found
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
Design/Logic Flaw
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
CVE-2021-43802
CVE-2021-43802 affects Etherpad Lite versions before 1.8.16. An attacker can import a crafted .etherpad file to gain admin privileges, enabling installation of a malicious plugin that can execute arbitrary code. Privilege gain relies on triggering or waiting for old express-session state to be de...
CVE-2021-43802 Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
PT-2021-23944 · Unknown +1 · Express-Session +1
Name of the Vulnerable Software and Affected Versions: Etherpad versions prior to 1.8.16 Description: Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the...
Etherpad 安全漏洞
Etherpad is open source a Web-based online document collaboration tool . Multiple users can simultaneously write a text document through Etherpad , and see all the participants of real-time editing . A security vulnerability exists in Etherpad versions prior to 1.8.16. The vulnerability stems fro...
The vulnerability of the Chat text editor component Etherpad allows a hacker to execute arbitrary JavaScript code or HTML code.
The vulnerability of the Chat text editor component Etherpad exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or HTML code remotely...
The vulnerability of the Etherpad text editor lies in the fact that the introduction or modification of arguments allows a hacker to execute arbitrary code.
The vulnerability of the Etherpad text editor is related to the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
Sql injection
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
Etherpad 1.8.13 has two injection flaws tracked as CVE-2021-34816 (Argument Injection in plugin management) and CVE-2021-34817 (Persistent XSS in chat messages). The Argument Injection flaw arises when an admin installs a plugin; the plugin name is passed to npm install without validation, enabli...
Etherpad 参数注入漏洞
Etherpad is open source a Web-based online document collaboration tool . Multiple users can simultaneously write a text document through Etherpad , and see all the participants of real-time editing . Etherpad version 1.8.13 there is a security vulnerability , the vulnerability stems from a...
Etherpad Cross-Site Scripting Vulnerability
Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time.A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...
CVE-2021-34817
A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...
CVE-2021-34817
A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...
Cross site scripting
A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...
CVE-2021-34817
A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...
CVE-2021-34817
CVE-2021-34817 is a documented XSS in Etherpad 1.8.13 where the chat message userId is rendered into HTML without escaping, enabling a crafted pad import to execute arbitrary JavaScript in an admin’s browser. The SonarSource write-up confirms the root cause is an unescaped userId in the chat fron...