webzwo0i

2 exploits Active since Jan 2018
CVE-2015-2298 WRITEUP HIGH WRITEUP
Etherpad 1.5.x - Exposure of Sensitive Information via PadID Export
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
CVSS 7.5
CVE-2021-34817 WRITEUP MEDIUM WRITEUP
Etherpad 1.8.13 - Stored Cross-Site Scripting in Chat Component via Pad Import
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.
CVSS 6.1