Vulnerabilities > Etherpad

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-07-21 | CVE-2021-34816 | Argument Injection or Modification vulnerability in Etherpad 1.8.13 | An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. | network | low complexity | etherpad | CWE-88 | 6.5 |
| 2021-07-19 | CVE-2021-34817 | Cross-site Scripting vulnerability in Etherpad 1.8.13 | A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad. | network | | etherpad | CWE-79 | 4.3 |
| 2021-04-28 | CVE-2020-22784 | Incorrect Authorization vulnerability in Etherpad Ueberdb | In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | network | low complexity | etherpad | CWE-863 | 5.0 |
| 2021-04-28 | CVE-2020-22782 | Unspecified vulnerability in Etherpad | Etherpad < 1.8.3 is affected by a denial of service in the import functionality. | network | low complexity | etherpad | | 5.0 |
| 2021-04-28 | CVE-2020-22785 | Allocation of Resources Without Limits or Throttling vulnerability in Etherpad | Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. | network | low complexity | etherpad | CWE-770 | 5.0 |
| 2021-04-28 | CVE-2020-22783 | Cleartext Storage of Sensitive Information vulnerability in Etherpad | Etherpad < 1.8.3 stored passwords used by users insecurely in the database and in log files. | network | low complexity | etherpad | CWE-312 | 4.0 |
| 2021-04-28 | CVE-2020-22781 | SQL Injection vulnerability in Etherpad | In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | network | low complexity | etherpad | CWE-89 | 5.0 |
| 2020-02-13 | CVE-2015-3309 | Path Traversal vulnerability in Etherpad | Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. | network | low complexity | etherpad | CWE-22 | 5.0 |
| 2019-10-19 | CVE-2019-18209 | Cross-site Scripting vulnerability in Etherpad 1.7.5 | templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer. | network | | etherpad | CWE-79 | 4.3 |
| 2018-04-29 | CVE-2018-9845 | Improper Handling of Case Sensitivity vulnerability in Etherpad Lite | Etherpad Lite before 1.6.4 is exploitable for admin access. | network | low complexity | etherpad | CWE-178 | 7.5 |