Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content
References
| Link | Resource |
|---|---|
| https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/ | Third Party Advisory |
| https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1 | Release Notes Third Party Advisory |
| https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/ | Third Party Advisory |
| https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1 | Release Notes Third Party Advisory |
Configurations
History
21 Nov 2024, 03:04
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/ - Third Party Advisory | |
| References | () https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1 - Release Notes, Third Party Advisory |
Information
Published : 2017-07-17 13:18
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000051
Mitre link : CVE-2017-1000051
CVE.ORG link : CVE-2017-1000051
JSON object : View
Products Affected
xwiki
- cryptpad
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')