Lucene search
K
XwikiCryptpad

5 matches found

CVE
CVE
added 2017/07/13 8:0 p.m.66 views

CVE-2017-1000051

CVE-2017-1000051 is a cross-site scripting (XSS) vulnerability in CryptPad’s pad export feature for XWiki Labs CryptPad versions before 1.1.1. The issue allows remote attackers to inject arbitrary web script or HTML via the pad content. Public descriptions confirm the affected component is the pa...

6.1CVSS6AI score0.01157EPSS
CVE
CVE
added 2019/09/11 8:38 p.m.46 views

CVE-2019-15302

The CVE-2019-15302 issue affects XWiki Labs CryptPad prior to 3.0.0. The pad management logic for Rich Text pads allows a remote attacker with editing rights for a pad’s URL to corrupt the pad (data loss) via a trivial URL modification. The description notes the vulnerability outcome as data loss...

6.5CVSS6.3AI score0.01358EPSS
CVE
CVE
added 2025/06/18 10:15 p.m.23 views

CVE-2025-49591

CVE-2025-49591 (CryptPad 2FA bypass) affects CryptPad versions prior to 2025.3.0. The weakness is in access control enforcement for 2FA, where 2FA can be bypassed if the path parameter length is not 44 characters, enabling an attacker with user credentials to access the victim’s account without e...

9.1CVSS6.6AI score0.00442EPSS
CVE
CVE
added 2025/06/18 10:14 p.m.19 views

CVE-2025-49590

CryptPad (before version 2025.3.0) is affected by a Dom-Based XSS via the Link Bouncer feature, where an early-allow code path executes before the URI protocol is checked, allowing a maliciously crafted javascript: URI to bypass filtering. The issue has been patched in 2025.3.0. Affected componen...

6.3CVSS6.1AI score0.00277EPSS
CVE
CVE
added 2026/04/30 4:35 p.m.17 views

CVE-2025-51846

CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...

8.7CVSS5.2AI score0.00578EPSS