Etherpad-Lite 1.7.5 has an XSS Vulnerability - Cloud WAF

Common Vulnerabilities and Exposures

Etherpad-Lite 1.7.5 has an XSS Vulnerability

October 20, 2019

Overview :

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.

Affected Product(s) :

Etherpad-Lite 1.7.5

Vulnerability Details :

CVE ID :

CVE-2019-18209

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in templates/pad.html when processing URL. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Solution :
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

cross-site scripting CVE-2019-18209 Etherpad-Lite 1.7.5 XSS attacks

Advanced Machine Learning Based Web Security Solution

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

100%

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Demo Request Form

Overlay Image

100% Advanced Machine Learning Based Bot Management Solution

Demo Request Form

Prophaze Free WAF + CDN + DDoS Protection

All in One Web Security Platform

Overlay Image

Sign up Now and Get Instant Access

Overlay Image

Are you under attack?

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Attack Protection Hotline

Get emergency help 24x7

Overlay Image

Are you under attack?

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

Attack Protection Hotline

Get emergency help 24x7

Overlay Image