4969 matches found
Updated nextcloud packages fix security vulnerability
Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Nextcloud: Information Exposure Through Directory Listing - https://apps.nextcloud.com/static/
Hi Security Team, Url : https://apps.nextcloud.com/static/assets/ Dork : site:nextcloud.com intitle:index.of Hello I am Ismail Tasdelen. I was testing directory security and I saw many directories open. Thanks Impact A directory listing is inappropriately exposed, yielding potentially sensitive...
openSUSE Security Update : nextcloud (openSUSE-2018-936)
This update for nextcloud to version 13.0.5 fixes the following issues : Security issues fixed : - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:2521-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Security update for nextcloud (moderate)
This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...
Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)
Nextcloud Server is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability
Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server Security Bypass Vulnerability (Aug 2018)
Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NextCloud Server Cross-Site Scripting Vulnerability (CNVD-2018-17647)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A cross-site scripting vulnerability exists in versions of NextCloud Server prior to 13.0.5, which stems from the...
NextCloud Talk Cross-Site Scripting Vulnerability
NextCloud Talk is a local video conferencing and online chat solution from NextCloud Germany. The product supports video conferencing, online chat and online voice. A cross-site scripting vulnerability exists in versions prior to NextCloud Talk 3.2.5, which stems from the program failing to...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Cross site scripting
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Cross site scripting
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...