CVE-2015-2298

Published January 12th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.

ether/etherpad

Etherpad: A modern really-real-time collaborative document editor.

GitHub

18.4K