CVE-2019-18209
MEDIUMEtherpad-Lite 1.7.5 - Cross-Site Scripting via URL Path
Title source: llmDescription
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/ether/etherpad-lite/commit/5879037ddca4ab9a4002adf90fc7ce6c9f82f01b
Scores
CVSS v3
6.1
EPSS
0.0068
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
etherpad/etherpad
1.7.5
Published
Oct 19, 2019
Tracked Since
Feb 18, 2026