Lucene search
VergH1:1023787HistoryNov 01, 2020 - 10:41 a.m.
Nextcloud: Stored XSS in markdown file with Nextcloud Talk using Internet Explorer
2020-11-0110:41:13
verg
hackerone.com
36
0.001 Low
EPSS
Percentile
21.8%
While editing a markdown file through the text app, users can create link elements that have a javascript URL such as javascript:alert(1).
Steps to reproduce:
- While editing a markdown file, select some text and click the “Add Link” button.
- Using a web proxy, intercept the request and change the href value to
javascript:alert(1).
{F1060394}
- Refresh the document and click the malicious link created to fire the payload.
{F1060397}
Note that CSP blocks the javascript from running, but browsers such as IE are still vulnerable.
{F1060402}
Impact
An attacker could execute arbitrary JavaScript code on the web browser of a victim who opens the file and clicks the malicious link.
Related
prion
prion
Format string
2021-02-03 17:15:00
osv
osv
CVE-2020-8294
2021-02-03 17:15:16
nvd
nvd
CVE-2020-8294
2021-02-03 17:15:16
nextcloud
nextcloud
cve
cve
CVE-2020-8294
2021-02-03 17:15:16
cvelist
cvelist
CVE-2020-8294
2021-02-03 16:42:57
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (NC-SA-2021-001, NC-SA-2021-002)
2021-01-28 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:0262-1)
2021-04-16 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1068-1)
2021-07-21 00:00:00
nessus
nessus
openSUSE Security Update : nextcloud (openSUSE-2021-262)
2021-02-09 00:00:00
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1068-1)
2021-07-21 00:00:00
suse
suse
Security update for nextcloud (moderate)
2021-02-11 00:00:00
Security update for nextcloud (moderate)
2021-02-08 00:00:00
Security update for nextcloud (important)
2021-07-21 00:00:00