Lucene search

K
nextcloudAn anonymous hackerNC-SA-2018-005
HistoryJun 21, 2018 - 12:00 a.m.

Stored XSS in contacts via group shares (NC-SA-2018-005)

2018-06-2100:00:00
An anonymous hacker
nextcloud.com
16

EPSS

0.001

Percentile

21.7%

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.

EPSS

0.001

Percentile

21.7%

Related for NC-SA-2018-005