EUVD-2021-0821

Malware in sbrugna...

CVE-2021-29438

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to...

@nextcloud/vue (>=2.1.0 <=2.7.0) potentially affected by CVE-2021-29438 via @nextcloud/dialogs (>=1.4.0 <=2.0.1)

@nextcloud/dialogs NPM version =1.4.0, =2.1.0, =2.7.0 Source cves: CVE-2021-29438 Source advisory: OSV:GHSA-G3FQ-3V3G-MH32...

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs

Impact The Nextcloud dialogs library before 3.1.2 did insufficiently escape text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. Note: Nextcloud Server employs a strict Content Security Policy that mitigates the risk o...

CVE-2021-29438

The CVE-2021-29438 issue affects the npm package @nextcloud/dialogs (Nextcloud dialogs library) prior to version 3.1.2 , where text input displayed in a toast was insufficiently escaped, enabling a potential XSS vector in applications showing user-supplied input in toasts. The vulnerability is mi...