Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
etherpad etherpad vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions before 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the malicious user to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad p...
Etherpad Etherpad
7.2
CVSSv3
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
Etherpad Etherpad 1.8.13
6.1
CVSSv3
CVE-2021-34817
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote malicious users to inject arbitrary JavaScript or HTML by importing a crafted pad.
Etherpad Etherpad 1.8.13
7.5
CVSSv3
CVE-2020-22782
Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.
Etherpad Etherpad
7.5
CVSSv3
CVE-2020-22781
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
Etherpad Etherpad
6.5
CVSSv3
CVE-2020-22783
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
Etherpad Etherpad
7.5
CVSSv3
CVE-2020-22784
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.
Etherpad Ueberdb
7.5
CVSSv3
CVE-2020-22785
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.
Etherpad Etherpad
7.5
CVSSv3
CVE-2015-3309
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 up to and including 1.5.4 allows remote malicious users to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This v...
Etherpad Etherpad
9.8
CVSSv3
CVE-2013-7380
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability
Ep Imageconvert Project Ep Imageconvert
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »