CVE-2019-15619
N/A
N/A
Summary
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Nextcloud Server | 16.0.4 | affected |
Weaknesses
- CWE-79: Cross-site Scripting (XSS) - Stored (CWE-79)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/662204
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-008
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-009
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-010
References
- https://hackerone.com/reports/662204
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-008
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-009
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-010
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.