4969 matches found
CVE-2020-8296
Summary of CVE-2020-8296 (Nextcloud Server): Multiple sources describe Nextcloud Server versions prior to 20.0.0 as storing passwords in a recoverable format even when external storage is not configured. The issue is associated with Nextcloud Server
CVE-2020-8296
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured...
CVE-2021-22878
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in OC.Notification.show...
CVE-2021-22878
CVE-2021-22878 affects Nextcloud Server prior to 20.0.6, where a reflected XSS exists due to insufficient sanitization in OC.Notification.show. The vulnerability is described across multiple sources (e.g., CNVD/CNNVD, OSV, CVE lists) and is mitigated by upgrading Nextcloud to 20.0.6 or later (per...
CVE-2021-22877
CVE-2021-22877 affects Nextcloud Server prior to 20.0.6, where a missing user check can cause a user’s own credentials to be populated for other users’ external storage configuration when that configuration has not yet been set. This is documented across multiple sources (NVD entry, CNVD/CNNVD su...
CVE-2021-22877
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users' external storage configuration when not already configured yet...
Nextcloud Access Control Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud 20.0.6, which stems from a missing user check inadvertently populating another user's external...
Nextcloud Server Cross-Site Scripting Vulnerability
Nextcloud is a set of client-server software for creating file hosting services and using them. A reflected cross-site scripting vulnerability exists in Nextcloud Server versions prior to 20.0.6. The vulnerability stems from a lack of validation in OC.Notification.show. An attacker could exploit...
PT-2021-15249 · Nextcloud +1 · Nextcloud +1
Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 20.0.6 Description: A missing user check in Nextcloud inadvertently populates a user's own credentials for other users' external storage configuration when not already configured yet. Recommendations: For Nextcloud...
Nextcloud Security Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud Server prior to 20.0.0 that stems from passwords being stored in a recoverable format, even if external storag...
Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...
Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)
Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
Design/Logic Flaw
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
CVE-2020-8297
CVE-2020-8297 affects Nextcloud Deck prior to 1.0.2, with an insecure direct object reference (IDOR) that lets a user with a duplicate username access deck data belonging to a previously deleted user. The issue stems from access control handling in the Deck app and is confirmed by multiple source...
Nextcloud Deck Security Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...
Nextcloud: HTML Injection on "polls" app - comments section (possibly XSS)
Hi everyone, On latest version of Polls app 1.7.5, I noticed a lack of user input filtering for the "Description" part of the survey. An HTML injection is therefore possible. I tried to inject JavaScript code to get an XSS but I didn't succeed. Certainly someone better than me will be able to do...
Nextcloud: bypassing dashboard without account + Information disclosure through websockets
Summary: I found an information disclosure for bypassing parameter url attacker can redirect to dashboard without login user/pass page and websocket can be exposed in response/dashboard. URL Affected https://support.nextcloud.com/passwordreset Steps To Reproduce: Opened directory at...