CVE-2018-3780

🗓️ 13 Aug 2018 19:00:29Reported by hackeroneType

A missing sanitization of search results in NextCloud Server <13.0.5 could lead to a stored XSS

Reporter	Title	Published	Views	Family All 20
SUSE Linux	Security update for nextcloud (moderate)	7 Dec 201812:19	–	suse
SUSE Linux	Security update for nextcloud (moderate)	26 Aug 201821:07	–	suse
SUSE Linux	Security update for nextcloud (moderate)	7 Dec 201812:13	–	suse
SUSE Linux	Security update for nextcloud (moderate)	22 Sep 201809:18	–	suse
SUSE Linux	Security update for nextcloud (moderate)	26 Aug 201821:13	–	suse
Tenable Nessus	openSUSE Security Update : nextcloud (openSUSE-2018-936)	28 Aug 201800:00	–	nessus
Tenable Nessus	openSUSE Security Update : nextcloud (openSUSE-2019-655)	27 Mar 201900:00	–	nessus
Tenable Nessus	openSUSE Security Update : nextcloud (openSUSE-2019-640)	27 Mar 201900:00	–	nessus
Tenable Nessus	openSUSE Security Update : nextcloud (openSUSE-2018-1487)	7 Dec 201800:00	–	nessus
Prion	Cross site scripting	13 Aug 201819:29	–	prion

Nvd

Vulners

Node

nextcloud nextcloud_serverRange<13.0.5

[
  {
    "product": "nextcloud/server",
    "vendor": "NextCloud",
    "versions": [
      {
        "status": "affected",
        "version": ">13.0.5"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/383117
nextcloud	www.nextcloud.com/security/advisory/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Aug 2018 19:29Current

4.9Medium risk

Vulners AI Score4.9

CVSS23.5

CVSS35.4

EPSS0.00049

CWE-79