2 matches found
CVE-2018-9845
Etherpad Lite before version 1.6.4 is vulnerable to an admin authentication bypass that allows an attacker to gain admin access. The issue is documented across multiple sources (NVD, Nuclei template, SUSE, CNVD, OSV, etc.) with the root cause described as an admin-privilege bypass affecting Ether...
CVE-2018-6834
Consolidated details show Etherpad Lite before v1.6.3 is vulnerable to Cross‑Site Scripting via static/js/pad_utils.js (pad_utils.js) triggered by window.location.href. The issue is documented across multiple sources (NVD, CNVD, OSV, SUSE, CNVD variants) with the affected component identified as ...