Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2021-34816

Disclosure Date: July 21, 2021 (last updated February 23, 2025)
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-34817

Disclosure Date: July 19, 2021 (last updated February 23, 2025)
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0