112 matches found
Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)
Nextcloud Server is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Cross site scripting
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)
A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
gnupg2 security update
2.0.14-9 - fix CVE-2018-12020 - missing sanitization of original filename...
CVE-2018-3763
In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like...
CVE-2018-3763
In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like...
Stored XSS in calendar via group shares (NC-SA-2018-004)
A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins...
PT-2018-16150 · Unknown · Crud-File-Server
Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.8.0 Description: The issue is related to a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. This is due to insufficient sanitization of filenames when the directory index ...
CVE-2018-7226
An issue was discovered in vcSetXCutTextProc in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC...
Microsoft Windows 8.1 / 10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege E
Exploit for windows platform in category local exploits / Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=687 https://googleprojectzero.blogspot.ca/2016/03/exploiting-leaked-thread-handle.html Windows: Secondary Logon Standard Handles Missing Sanitization EoP Platform: Windows...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to no proper sanitization of xlink:href attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. Th...