
1082 matches found

Positive Technologies
added 2021/06/01 12:0 a.m. · 3 views

PT-2021-19831 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11; Nextcloud Server versions prior to 20.0.10; Nextcloud Server versions prior to 21.0.2. Description: The issue affects Nextcloud Server, a package handling data storage. It sends user IDs to the lookup...

CVSS 10 · AI score 5.8 · EPSS 0.02521
Exploits 2 · References 39

OSV
added 2021/04/16 7:52 p.m. · 17 views

GHSA-G3FQ-3V3G-MH32 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs

Impact The Nextcloud dialogs library before 3.1.2 did insufficiently escape text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. Note: Nextcloud Server employs a strict Content Security Policy that mitigates the risk o...

CVSS 4.6 · AI score 5.1 · EPSS 0.00703
Exploits 0 · References 3

CNVD
added 2021/03/04 12:0 a.m. · 7 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-14767)

Nextcloud is a set of client-server software for creating file hosting services and using them. A reflected cross-site scripting vulnerability exists in Nextcloud Server versions prior to 20.0.6. The vulnerability stems from a lack of validation in OC.Notification.show. An attacker could exploit...

CVSS 4.8 · AI score 5.9 · EPSS 0.01059
Exploits 1 · References 1

CVE
added 2021/03/03 5:40 p.m. · 57 views

CVE-2020-8296

Summary of CVE-2020-8296 (Nextcloud Server) : Multiple sources describe Nextcloud Server versions prior to 20.0.0 as storing passwords in a recoverable format even when external storage is not configured. The issue is associated with Nextcloud Server

CVSS 6.7 · AI score 6.5 · EPSS 0.00512
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2021/03/03 5:40 p.m. · 31 views

CVE-2020-8296

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured...

AI score 7.5 · EPSS 0.00512
Exploits 1 · References 5

CNNVD
added 2021/03/03 12:0 a.m. · 2 views

Nextcloud Server Cross-Site Scripting Vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. A reflected cross-site scripting vulnerability exists in Nextcloud Server versions prior to 20.0.6. The vulnerability stems from a lack of validation in OC.Notification.show. An attacker could exploit...

CVSS 4.8 · AI score 5.2 · EPSS 0.01059
Exploits 1 · References 5

CNVD
added 2021/02/04 12:0 a.m. · 8 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-09293)

Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server is the server software. A cross-site scripting vulnerability exists in versions prior to Nextcloud Server 20.0.2, 19.0.5, and 18.0.11. The vulnerability stems from a lack of link...

CVSS 5.4 · AI score 5.9 · EPSS 0.00901
Exploits 0 · References 1

CVE
added 2021/02/03 4:42 p.m. · 149 views

CVE-2020-8294

CVE-2020-8294 in Nextcloud Server is a missing link validation vulnerability that allowed stored XSS via a javascript: URL in markdown. Affected versions are Nextcloud Server before 20.0.2, 19.0.5, and 18.0.11. The issue is fixed in OpenSUSE/OpenSUSE-SU updates (e.g., Nextcloud 20.0.7 and later)....

CVSS 5.4 · AI score 6 · EPSS 0.00901
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2021/02/03 12:0 a.m. · 7 views

Nextcloud Server Resource Management Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server. The vulnerability stems from the program's lack of input validation, which prevents users from storing...

CVSS 6.5 · AI score 6.6 · EPSS 0.01557
Exploits 0 · References 1

OpenVAS
added 2021/01/28 12:0 a.m. · 20 views

Nextcloud Server Multiple Vulnerabilities (NC-SA-2021-001, NC-SA-2021-002)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

CVSS 6.5 · AI score 6.3 · EPSS 0.01557
Exploits 0 · References 2

OpenVAS
added 2021/01/28 12:0 a.m. · 23 views

Nextcloud Server DoS Vulnerability (NC-SA-2021-003)

Nextcloud Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 · AI score 7.4 · EPSS 0.01807
Exploits 1 · References 1

CNVD
added 2021/01/27 12:0 a.m. · 9 views

Nextcloud Server Denial of Service Vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server is the server software. A denial of service vulnerability exists in Nextcloud Server 19 and earlier versions. The vulnerability stems from a checking error. An attacker could exploit th...

CVSS 7.5 · AI score 6.5 · EPSS 0.01807
Exploits 1 · References 1

NVD
added 2021/01/26 6:16 p.m. · 20 views

CVE-2020-8295

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...

CVSS 7.5 · AI score 7.4 · EPSS 0.01807
Exploits 1 · References 2

NVD
added 2021/01/26 6:16 p.m. · 33 views

CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...

CVSS 6.5 · AI score 6.5 · EPSS 0.01557
Exploits 0 · References 2

OSV
added 2021/01/26 6:16 p.m. · 17 views

CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 2

Prion
added 2021/01/26 6:16 p.m. · 21 views

Input validation

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...

CVSS 4 · AI score 6.3 · EPSS 0.01557
Exploits 0 · References 2 · Affected Software 1

Prion
added 2021/01/26 6:16 p.m. · 17 views

Design/Logic Flaw

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...

CVSS 5 · AI score 7.4 · EPSS 0.01807
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2021/01/26 12:0 a.m. · 4 views

Nextcloud Resource Management Error Vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server is the server software. A denial of service vulnerability exists in Nextcloud Server 19 and earlier versions. The vulnerability stems from a checking error. An attacker could exploit th...

CVSS 7.5 · AI score 7.1 · EPSS 0.01807
Exploits 1 · References 4

Positive Technologies
added 2021/01/26 12:0 a.m. · 8 views

PT-2021-12722 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.2; Nextcloud Server versions prior to 19.0.5; Nextcloud Server versions prior to 18.0.11. Description: A missing input validation in Nextcloud Server allows users to store unlimited data in workflow rules,...

CVSS 10 · AI score 6 · EPSS 0.02521
Exploits 3 · References 83

Nextcloud
added 2021/01/25 12:0 a.m. · 34 views

Reflected XSS when renaming malicious file (NC-SA-2021-005)

Missing sanitization in Nextcloud Server 20.0.5 and prior allowed to perform a reflected XSS when saving html as file name and causing an error on rename e.g. by renaming to an existing file. The risk is mostly mitigated due to the strict Content-Security-Policy (CSP) of Nextcloud, and thus mainly...

CVSS 3.5 · AI score 1.1 · EPSS 0.01059
Exploits 1 · Affected Software 1