91 matches found

Prion
added 2020/07/02 7:15 p.m., 16 views

Improper access control

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks...

CVSS 4, AI score 4.5, EPSS 0.00636
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/07/02 6:35 p.m., 16 views

CVE-2020-8179

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks...

AI score 4.4, EPSS 0.00636
Exploits 0, References 2

CVE
added 2020/07/02 6:35 p.m., 55 views

CVE-2020-8179

CVE-2020-8179 affects Nextcloud Deck 1.0.0. The root cause is an improper access control in the deck task/move flow: updating a card’s stackId via /apps/deck/cards/{id} does not enforce that the destination belongs to the requester, allowing an attacker to inject tasks into another user’s deck. T...

CVSS 4.1, AI score 4.3, EPSS 0.00636
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2020/05/15 12:0 a.m., 22 views

Improper access control allows injecting tasks into other users' decks (NC-SA-2020-022)

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks...

CVSS 4, AI score 5.4, EPSS 0.00636
Exploits 0, Affected Software 1

Nextcloud
added 2020/04/08 12:0 a.m., 30 views

Missing permission check on resharing a board (NC-SA-2020-025)

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...

CVSS 6, AI score 3, EPSS 0.01023
Exploits 1, Affected Software 1

CNVD
added 2020/02/17 12:0 a.m., 1 view

Nextcloud Server, Talk and Deck Cross-Site Scripting Vulnerabilities

Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Server, Talk and Deck. The vulnerability stems from a lack of proper validation of client-side data b...

CVSS 4.8, AI score 6.4, EPSS 0.0084
Exploits 0, References 1

OSV
added 2020/02/04 8:15 p.m., 21 views

CVE-2019-15619

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 4.8, AI score 5.9
Exploits 0, References 4

Prion
added 2020/02/04 8:15 p.m., 14 views

Input validation

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5, AI score 5.8, EPSS 0.0084
Exploits 0, References 4, Affected Software 3

CVE
added 2020/02/04 7:8 p.m., 64 views

CVE-2019-15619

CVE-2019-15619 affects Nextcloud Suite components: Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3, and Nextcloud Deck 0.6.5. The root cause is improper neutralization of file names, conversation names and board names, leading to cross-site scripting when linking these items within a project. Docum...

CVSS 4.8, AI score 5, EPSS 0.0084
Exploits 0, References 4, Affected Software 3

Nextcloud
added 2019/07/29 12:0 a.m., 23 views

Improper neutralization of item names in projects feature (NC-SA-2020-009)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5, AI score 3.7, EPSS 0.0084
Exploits 0, Affected Software 1

Nextcloud
added 2019/07/29 12:0 a.m., 29 views

Improper neutralization of item names in projects feature (NC-SA-2020-008)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project...

CVSS 3.5, AI score 3.7, EPSS 0.0084
Exploits 0, Affected Software 1