3 matches found
CVE-2019-15302
The CVE-2019-15302 issue affects XWiki Labs CryptPad prior to 3.0.0. The pad management logic for Rich Text pads allows a remote attacker with editing rights for a pad’s URL to corrupt the pad (data loss) via a trivial URL modification. The description notes the vulnerability outcome as data loss...
CVE-2025-49591
CVE-2025-49591 (CryptPad 2FA bypass) affects CryptPad versions prior to 2025.3.0. The weakness is in access control enforcement for 2FA, where 2FA can be bypassed if the path parameter length is not 44 characters, enabling an attacker with user credentials to access the victim’s account without e...
CVE-2025-49590
CryptPad (before version 2025.3.0) is affected by a Dom-Based XSS via the Link Bouncer feature, where an early-allow code path executes before the URI protocol is checked, allowing a maliciously crafted javascript: URI to bypass filtering. The issue has been patched in 2025.3.0. Affected componen...