XSS Vulnerability in CryptPad by XWiki Labs
CVE-2017-1000051

6.1MEDIUM

Key Information:

Vendor: Xwiki
Status: Cryptpad
Vendor: CVE Published:; 17 July 2017

Summary

An XSS vulnerability in the pad export feature of CryptPad before version 1.1.1 enables remote attackers to inject malicious web scripts or HTML. This exploit can lead to unauthorized access to sensitive user information, making it crucial to update to the latest version to safeguard against such risks.

References

https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/

x_refsource_CONFIRM

https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017