5 matches found
CVE-2020-8294
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:0262-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : nextcloud (openSUSE-2021-262)
This update for nextcloud fixes the following issues : - nextcloud was upgraded to version 20.0.7 - CVE-2020-8294: Fixed a missing link validation boo1181803 - CVE-2020-8295: Fixed a denial of service attack boo1181804 - CVE-2020-8293: Fixed an input validation issue boo1181445 C Tenable Network...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:0262-1 Rating: moderate References: 1181445 1181803 1181804 Cross-References: CVE-2020-8293 CVE-2020-8294 CVE-2020-8295 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now...
CVE-2020-8294
CVE-2020-8294 in Nextcloud Server is a missing link validation vulnerability that allowed stored XSS via a javascript: URL in markdown. Affected versions are Nextcloud Server before 20.0.2, 19.0.5, and 18.0.11. The issue is fixed in OpenSUSE/OpenSUSE-SU updates (e.g., Nextcloud 20.0.7 and later)....