CVE-2025-49591
- EPSS 0.27%
- Published 18.06.2025 22:15:16
- Last modified 11.08.2025 18:20:31
CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can g...
CVE-2025-49590
- EPSS 0.06%
- Published 18.06.2025 22:14:06
- Last modified 11.08.2025 18:18:19
CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens be...
CVE-2019-15302
- EPSS 0.11%
- Published 11.09.2019 21:15:11
- Last modified 21.11.2024 04:28:25
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a trivial URL modification.
CVE-2017-1000051
- EPSS 0.06%
- Published 17.07.2017 13:18:17
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content.