Lucene search
HackeroneCVELIST:CVE-2018-3780HistoryAug 13, 2018 - 7:00 p.m.
CVE-2018-3780
2018-08-1319:00:00
CWE-79
hackerone
www.cve.org
6
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
CNA Affected
[
{
"product": "nextcloud/server",
"vendor": "NextCloud",
"versions": [
{
"status": "affected",
"version": ">13.0.5"
}
]
}
]Related
suse
suse
Security update for nextcloud (moderate)
2018-12-07 12:19:24
Security update for nextcloud (moderate)
2018-12-07 12:13:41
Security update for nextcloud (moderate)
2018-09-22 09:18:32
nvd
nvd
CVE-2018-3780
2018-08-13 19:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0394)
2022-01-28 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:2521-1)
2018-08-27 00:00:00
nessus
nessus
openSUSE Security Update : nextcloud (openSUSE-2019-640)
2019-03-27 00:00:00
openSUSE Security Update : nextcloud (openSUSE-2018-1487)
2018-12-07 00:00:00
openSUSE Security Update : nextcloud (openSUSE-2019-655)
2019-03-27 00:00:00
nextcloud
nextcloud
Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)
2018-08-10 00:00:00
osv
osv
CVE-2018-3780
2018-08-13 19:29:00
prion
prion
Cross site scripting
2018-08-13 19:29:00
mageia
mageia
Updated nextcloud packages fix security vulnerability
2018-10-14 03:58:33
cve
cve
CVE-2018-3780
2018-08-13 19:29:00
hackerone
hackerone
Nextcloud: HTML injection with AutoComplete suggestions
2018-07-18 13:45:00