CVE-2018-6835

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:etherpad:etherpad:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-08 07:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-6835

Mitre link : CVE-2018-6835

CVE.ORG link : CVE-2018-6835


JSON object : View

Products Affected

etherpad

  • etherpad
CWE
CWE-20

Improper Input Validation