XSS Vulnerability in CryptPad by XWiki Labs
CVE-2017-1000051

6.1MEDIUM

Key Information:

Vendor: Xwiki
Status: Cryptpad
Vendor: CVE Published:; 17 July 2017

What is CVE-2017-1000051?

An XSS vulnerability in the pad export feature of CryptPad before version 1.1.1 enables remote attackers to inject malicious web scripts or HTML. This exploit can lead to unauthorized access to sensitive user information, making it crucial to update to the latest version to safeguard against such risks.

References

https://blog.cryptpad.fr/2017/03/06/Security-growing-pains/

x_refsource_CONFIRM

https://github.com/xwiki-labs/cryptpad/releases/tag/1.1.1

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2017
Vulnerability Reserved
Jul 10, 2017

Xwiki

What is CVE-2017-1000051?

References

CVSS V3.1

Timeline