Vulnerabilities > Etherpad > Etherpad > 1.2.6

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-43802 Unspecified vulnerability in Etherpad
Etherpad is a real-time collaborative editor.
network
low complexity
etherpad
8.8
2021-04-28 CVE-2020-22782 Unspecified vulnerability in Etherpad
Etherpad < 1.8.3 is affected by a denial of service in the import functionality.
network
low complexity
etherpad
5.0
2021-04-28 CVE-2020-22785 Allocation of Resources Without Limits or Throttling vulnerability in Etherpad
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service.
network
low complexity
etherpad CWE-770
5.0
2021-04-28 CVE-2020-22783 Cleartext Storage of Sensitive Information vulnerability in Etherpad
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files.
network
low complexity
etherpad CWE-312
4.0
2021-04-28 CVE-2020-22781 SQL Injection vulnerability in Etherpad
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
network
low complexity
etherpad CWE-89
5.0
2020-02-13 CVE-2015-3309 Path Traversal vulnerability in Etherpad
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a ..
network
low complexity
etherpad CWE-22
5.0
2018-02-08 CVE-2018-6835 Improper Input Validation vulnerability in Etherpad
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
network
low complexity
etherpad CWE-20
7.5
2017-09-07 CVE-2015-4085 Path Traversal vulnerability in Etherpad
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.
network
low complexity
etherpad CWE-22
5.0
2017-07-07 CVE-2015-3297 Path Traversal vulnerability in Etherpad
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
network
low complexity
etherpad CWE-22
5.0