exploitDog

CVE-2019-18209

Опубликовано: 19 окт. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.

Ссылки

https://github.com/ether/etherpad-lite/commit/5879037ddca4ab9a4002adf90fc7ce6c9f82f01b
Patch
Third Party Advisory
https://github.com/ether/etherpad-lite/commit/5879037ddca4ab9a4002adf90fc7ce6c9f82f01b
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:etherpad:etherpad:1.7.5:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-18209

CVSS3: 6.1

debian

больше 6 лет назад

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...

GHSA-wm6p-54cv-qxf5

CVSS3: 6.1

github

больше 3 лет назад

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79