Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| firepad(npm) | 0 | N/A | N/A |
CVSS Metrics
