CVE-2021-39221

CVE-2021-39221 affects the Nextcloud Contacts app before v4.0.3, with a stored XSS vulnerability due to improper validation of client-side data. Exploitation requires a user to right-click a malicious file and open it in a new tab; however, a strict Content-Security-Policy (CSP) in modern browser...

CVE-2021-39220

Summary: CVE-2021-39220 affects the Nextcloud Mail application. The issue is an information-disclosure due to a privacy filter that fails to filter images using relative protocols, allowing leakage of read state or user IP. Affected versions: Nextcloud Mail prior to 1.10.4 and 1.11.0. Root cause:...

CVE-2021-39220 Bypass of image blocking in Nextcloud Mail

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...

Two-Factor Authentication not enforced for pages marked as public

None...

File Traversal affecting SVG files on Nextcloud Server

None...

Rate-limits not working on instances without configured memory cache backend

None...

Missing permission check on Deck API

None...

Nextcloud Server shipped insecure Archive_Tar version

None...

Missing User Presence Check in Nextcloud WebAuthn login

None...

File path disclosure of shared files in OfficeOnline application

None...

File path disclosure of shared files in Richdocuments application

None...

XSS in Contacts

None...

XSS in Talk

None...

Bypass of image blocking in Nextcloud Mail

None...

Nextcloud 输入验证错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. Nextcloud Mail applications prior to versions 1.10.4 and 1.11.0 are vulnerable to an information disclosure vulnerability that stems from a privacy filt...

Nextcloud 安全漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud, a German company. nextcloud has a security vulnerability that stems from an improper design or implementation during the development of code for a networked system or...

Nextcloud 安全漏洞

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. Nextcloud Deck is vulnerable to an access control error in versions prior to 1.2.9, 1.4.5 and 1.5.3. The vulnerability stems from a lack of permission...

Nextcloud 安全漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communications application platform from Germany-based Nextcloud. Nextcloud has a security vulnerability that stems from an improperly designed or implemented problem in the code development process of the network system or...

Nextcloud 代码问题漏洞

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud Contacts application prior to version 4.0.3 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...