Etherpad Lite
Monthly
Etherpad Lite before 1.6.4 is exploitable for admin access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Etherpad Lite before 1.6.4 is exploitable for admin access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.