Lucene search
PRIOn knowledge basePRION:CVE-2018-3780HistoryAug 13, 2018 - 7:29 p.m.
Cross site scripting
2018-08-1319:29:00
PRIOn knowledge base
www.prio-n.com
5
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nextcloud_server | lt | 13.0.5 |
Related
suse
suse
Security update for nextcloud (moderate)
2018-12-07 12:19:24
Security update for nextcloud (moderate)
2018-12-07 12:13:41
Security update for nextcloud (moderate)
2018-08-26 21:13:06
nvd
nvd
CVE-2018-3780
2018-08-13 19:29:00
openvas
openvas
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:2521-1)
2018-08-27 00:00:00
Mageia: Security Advisory (MGASA-2018-0394)
2022-01-28 00:00:00
nessus
nessus
openSUSE Security Update : nextcloud (openSUSE-2018-1487)
2018-12-07 00:00:00
openSUSE Security Update : nextcloud (openSUSE-2019-640)
2019-03-27 00:00:00
openSUSE Security Update : nextcloud (openSUSE-2018-936)
2018-08-28 00:00:00
osv
osv
CVE-2018-3780
2018-08-13 19:29:00
nextcloud
nextcloud
Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)
2018-08-10 00:00:00
cvelist
cvelist
CVE-2018-3780
2018-08-13 19:00:00
cve
cve
CVE-2018-3780
2018-08-13 19:29:00
mageia
mageia
Updated nextcloud packages fix security vulnerability
2018-10-14 03:58:33
hackerone
hackerone
Nextcloud: HTML injection with AutoComplete suggestions
2018-07-18 13:45:00