Vulmon
etherpad etherpad vulnerabilities and exploits
9
CVSSv2
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions before 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the malicious user to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad p...
Etherpad Etherpad
5
CVSSv2
CVE-2015-3309
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 up to and including 1.5.4 allows remote malicious users to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This v...
Etherpad Etherpad
4.3
CVSSv2
CVE-2018-6834
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.
Etherpad Etherpad Lite
6.5
CVSSv2
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
Etherpad Etherpad 1.8.13
4.3
CVSSv2
CVE-2021-34817
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote malicious users to inject arbitrary JavaScript or HTML by importing a crafted pad.
Etherpad Etherpad 1.8.13
7.5
CVSSv2
CVE-2018-9326
Etherpad 1.6.3 prior to 1.6.4 allows a malicious user to execute arbitrary code.
Etherpad Etherpad 1.6.3
4.3
CVSSv2
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
Etherpad Etherpad 1.7.5
7.5
CVSSv2
CVE-2018-9845
Etherpad Lite prior to 1.6.4 is exploitable for admin access.
Etherpad Etherpad Lite
5
CVSSv2
CVE-2020-22784
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.
Etherpad Ueberdb
7.5
CVSSv2
CVE-2013-7380
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability.
Ep Imageconvert Project Ep Imageconvert