CVE-2018-3764
In Nextcloud Contacts before version 2.1.2, a missing sanitization of search results in the autocomplete field can cause a stored XSS. The issue affects group names, so only malicious search results crafted by privileged users (admins/group admins) could trigger the issue. Impact is a stored XSS ...