2 matches found
CVE-2019-15618
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...
CVE-2019-15618
CVE-2019-15618 affects Nextcloud Server Updater up to at least 15.0.5, where missing HTML escaping in the Updater allows a reflected XSS when started from a malicious location. The vulnerability is a client-side reflection (no server-state compromise described) that can lead to execution of arbit...