Vulnerabilities > Etherpad
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-09 | CVE-2021-43802 | Unspecified vulnerability in Etherpad. Etherpad is a real-time collaborative editor. | 8.8 |
2021-07-21 | CVE-2021-34816 | Argument Injection or Modification vulnerability in Etherpad 1.8.13. An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. | 7.2 |
2021-07-19 | CVE-2021-34817 | Cross-site Scripting vulnerability in Etherpad 1.8.13. A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad. | 6.1 |
2021-04-28 | CVE-2020-22784 | Incorrect Comparison vulnerability in Etherpad Ueberdb. In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | 7.5 |
2021-04-28 | CVE-2020-22782 | Unspecified vulnerability in Etherpad. Etherpad < 1.8.3 is affected by a denial of service in the import functionality. | 7.5 |
2021-04-28 | CVE-2020-22785 | Allocation of Resources Without Limits or Throttling vulnerability in Etherpad. Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. | 7.5 |
2021-04-28 | CVE-2020-22783 | Cleartext Storage of Sensitive Information vulnerability in Etherpad. Etherpad < 1.8.3 stored passwords used by users insecurely in the database and in log files. | 6.5 |
2021-04-28 | CVE-2020-22781 | SQL Injection vulnerability in Etherpad. In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | 7.5 |
2020-02-13 | CVE-2015-3309 | Path Traversal vulnerability in Etherpad. Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. | 7.5 |
2019-10-19 | CVE-2019-18209 | Cross-site Scripting vulnerability in Etherpad 1.7.5. templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. | 6.1 |