Lucene search
K

163 matches found

OSV
OSV
added 2021/12/09 11:15 p.m.11 views

CVE-2021-43802

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...

8.8CVSS7.5AI score
Exploits0References4
Prion
Prion
added 2021/12/09 11:15 p.m.21 views

Design/Logic Flaw

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...

9CVSS8.9AI score0.01995EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/12/09 10:35 p.m.45 views

CVE-2021-43802

CVE-2021-43802 affects Etherpad Lite versions before 1.8.16. An attacker can import a crafted .etherpad file to gain admin privileges, enabling installation of a malicious plugin that can execute arbitrary code. Privilege gain relies on triggering or waiting for old express-session state to be de...

9.9CVSS9AI score0.01995EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/12/09 10:35 p.m.25 views

CVE-2021-43802 Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...

9.9CVSS9.8AI score0.01995EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/12/09 12:0 a.m.5 views

PT-2021-23944 · Unknown +1 · Express-Session +1

Name of the Vulnerable Software and Affected Versions: Etherpad versions prior to 1.8.16 Description: Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the...

9.9CVSS9.2AI score0.01995EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.4 views

Etherpad 安全漏洞

Etherpad is open source a Web-based online document collaboration tool . Multiple users can simultaneously write a text document through Etherpad , and see all the participants of real-time editing . A security vulnerability exists in Etherpad versions prior to 1.8.16. The vulnerability stems fro...

9.9CVSS8.1AI score0.01995EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/09/29 12:0 a.m.3 views

The vulnerability of the Chat text editor component Etherpad allows a hacker to execute arbitrary JavaScript code or HTML code.

The vulnerability of the Chat text editor component Etherpad exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or HTML code remotely...

6.1CVSS6.9AI score0.01343EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/29 12:0 a.m.6 views

The vulnerability of the Etherpad text editor lies in the fact that the introduction or modification of arguments allows a hacker to execute arbitrary code.

The vulnerability of the Etherpad text editor is related to the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.2CVSS7.4AI score0.02229EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2021/07/21 6:15 p.m.18 views

CVE-2021-34816

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

7.2CVSS0.02229EPSS
Exploits1References2
OSV
OSV
added 2021/07/21 6:15 p.m.15 views

CVE-2021-34816

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

7.2CVSS8AI score
Exploits0References2
Prion
Prion
added 2021/07/21 6:15 p.m.13 views

Sql injection

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

6.5CVSS7.3AI score0.02229EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/07/21 6:2 p.m.23 views

CVE-2021-34816

An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...

7.5AI score0.02229EPSS
Exploits1References2
CVE
CVE
added 2021/07/21 6:2 p.m.68 views

CVE-2021-34816

Etherpad 1.8.13 has two injection flaws tracked as CVE-2021-34816 (Argument Injection in plugin management) and CVE-2021-34817 (Persistent XSS in chat messages). The Argument Injection flaw arises when an admin installs a plugin; the plugin name is passed to npm install without validation, enabli...

7.2CVSS7AI score0.02229EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.4 views

Etherpad 参数注入漏洞

Etherpad is open source a Web-based online document collaboration tool . Multiple users can simultaneously write a text document through Etherpad , and see all the participants of real-time editing . Etherpad version 1.8.13 there is a security vulnerability , the vulnerability stems from a...

7.2CVSS7.5AI score0.02229EPSS
Exploits1References3
CNVD
CNVD
added 2021/07/20 12:0 a.m.18 views

Etherpad Cross-Site Scripting Vulnerability

Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time.A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...

6.1CVSS1.9AI score0.01343EPSS
Exploits1References1
NVD
NVD
added 2021/07/19 2:15 p.m.24 views

CVE-2021-34817

A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...

6.1CVSS0.01343EPSS
Exploits1References4
OSV
OSV
added 2021/07/19 2:15 p.m.13 views

CVE-2021-34817

A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...

6.1CVSS5.8AI score
Exploits0References4
Prion
Prion
added 2021/07/19 2:15 p.m.9 views

Cross site scripting

A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...

4.3CVSS5.9AI score0.01343EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/07/19 1:38 p.m.19 views

CVE-2021-34817

A Cross-Site Scripting XSS issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad...

6AI score0.01343EPSS
Exploits1References4
CVE
CVE
added 2021/07/19 1:38 p.m.39 views

CVE-2021-34817

CVE-2021-34817 is a documented XSS in Etherpad 1.8.13 where the chat message userId is rendered into HTML without escaping, enabling a crafted pad import to execute arbitrary JavaScript in an admin’s browser. The SonarSource write-up confirms the root cause is an unescaped userId in the chat fron...

6.1CVSS5.9AI score0.01343EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder