CVE-2017-0893

CVE-2017-0893 affects Nextcloud Server prior to 9.0.58, 10.0.5, and 11.0.3. A vulnerable JavaScript library used for sanitizing untrusted input enables a cross-site scripting (XSS) issue due to a Safari 10.1/10.2 behavior change. Nextcloud notes a strict Content-Security-Policy that mitigates exp...

Nextcloud: Stored XSS in Gallery application (NC-SA-2017-010)

Stored XSS in Gallery application NC-SA-2017-010 Risk level: Low CVSS v3 Base Score: 3 AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N CWE: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CWE-79 Description A JavaScript library used by Nextcloud for sanitizing untrusted...

CentOS Update for 389-ds-base CESA-2017:0893 centos6

Check the version of 389-ds-base SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882687";...

Oracle Linux 6 : 389-ds-base (ELSA-2017-0893)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-0893 advisory. - Resolves: bug 1437777 - EMBARGOED CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages Tenable has extracted the preceding description block...

Virtuozzo Linux Errata and Security Advisory 2017:0893 Important

Upstream security update. Follow RHSA-2017-0893 for details...