
4993 matches found

Hacker One
added 2018/10/25 2:42 p.m., 17 views

Nextcloud: Gallery: No feedback for invalid password

CVSS: Low 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N. Description: The Gallery plugin does not inform a user when password-protecting a file failed in combination with the Password Policy plugin. Because of this, files that the user will rightfully assume to be...

7.1 AI score
Exploits: 0

Hacker One
added 2018/10/24 2:31 p.m., 17 views

Nextcloud: Talk / spreed: Disclosure of Room names and participants for password protected rooms

CVSS: 5.3 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. CVSS isn't always as fine-grained as I'd like; personally, I would rate the issue somewhere between low and medium. Description: The API of the official spreed/talk extension reveals potentially sensitive information such...

0.8 AI score
Exploits: 0

Hacker One
added 2018/10/24 12:13 p.m., 25 views

Nextcloud: Server-Side request forgery in New-Subscription feature of the calendar app

CVSS: 8.5 High CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N. Description: The "New Subscription" functionality of the official Calendar app allows authenticated users to direct the server to perform arbitrary external requests, and then displays the full response to the user. The...

4 CVSS, 0.3 AI score, 0.01287 EPSS
Exploits: 1

OSV
added 2018/10/14 12:58 a.m., 4 views

MGASA-2018-0394 Updated nextcloud packages fix security vulnerability

Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...

5.4 CVSS, 5.2 AI score, 0.00769 EPSS
Exploits: 0, References: 5

Mageia
added 2018/10/14 12:58 a.m., 36 views

Updated nextcloud packages fix security vulnerability

Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could...

5.4 CVSS, 2.5 AI score, 0.00769 EPSS
Exploits: 0, References: 4

OPENSUSE Linux
added 2018/09/22 9:18 a.m., 46 views

Security update for nextcloud (moderate)

This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...

0.3 AI score, 0.00769 EPSS
Exploits: 0, References: 1

Hacker One
added 2018/09/01 6:36 p.m., 27 views

Nextcloud: Information Exposure Through Directory Listing - https://apps.nextcloud.com/static/

Hi Security Team, Url : https://apps.nextcloud.com/static/assets/ Dork : site:nextcloud.com intitle:index.of Hello I am Ismail Tasdelen. I was testing directory security and I saw many directories open. Thanks Impact A directory listing is inappropriately exposed, yielding potentially sensitive...

1.7 AI score
Exploits: 0

Tenable Nessus
added 2018/08/28 12:00 a.m., 26 views

openSUSE Security Update : nextcloud (openSUSE-2018-936)

This update for nextcloud to version 13.0.5 fixes the following issues : Security issues fixed : - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...

5.4 CVSS, 5.3 AI score, 0.00769 EPSS
Exploits: 0, References: 2

OpenVAS
added 2018/08/27 12:00 a.m., 29 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:2521-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.4 CVSS, 5.5 AI score, 0.00769 EPSS
Exploits: 0, References: 2

OPENSUSE Linux
added 2018/08/26 9:13 p.m., 59 views

Security update for nextcloud (moderate)

This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...

0.3 AI score, 0.00769 EPSS
Exploits: 0, References: 1

OPENSUSE Linux
added 2018/08/26 9:07 p.m., 61 views

Security update for nextcloud (moderate)

This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names,...

0.3 AI score, 0.00769 EPSS
Exploits: 0, References: 1

OpenVAS
added 2018/08/20 12:00 a.m., 24 views

Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability

Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3 CVSS, 5.3 AI score, 0.01263 EPSS
Exploits: 0, References: 1

OpenVAS
added 2018/08/20 12:00 a.m., 17 views

Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)

Nextcloud Server is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4 CVSS, 5.1 AI score, 0.00769 EPSS
Exploits: 0, References: 1

OpenVAS
added 2018/08/20 12:00 a.m., 35 views

Nextcloud Server Security Bypass Vulnerability (Aug 2018)

Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS, 8.8 AI score, 0.01234 EPSS
Exploits: 0, References: 1

CNVD
added 2018/08/15 12:00 a.m., 3 views

NextCloud Talk Cross-Site Scripting Vulnerability

NextCloud Talk is a local video conferencing and online chat solution from NextCloud Germany. The product supports video conferencing, online chat and online voice. A cross-site scripting vulnerability exists in versions prior to NextCloud Talk 3.2.5, which stems from the program failing to...

5.4 CVSS, 5.1 AI score, 0.0062 EPSS
Exploits: 0, References: 1

CNVD
added 2018/08/15 12:00 a.m., 2 views

NextCloud Server Cross-Site Scripting Vulnerability (CNVD-2018-17647)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. A cross-site scripting vulnerability exists in versions of NextCloud Server prior to 13.0.5, which stems from the...

5.4 CVSS, 5.1 AI score, 0.00769 EPSS
Exploits: 0, References: 1

NVD
added 2018/08/13 7:29 p.m., 23 views

CVE-2018-3781

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4 CVSS, 5.2 AI score, 0.0062 EPSS
Exploits: 0, References: 2

OSV
added 2018/08/13 7:29 p.m., 17 views

CVE-2018-3781

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4 CVSS, 5.6 AI score
Exploits: 0, References: 2

OSV
added 2018/08/13 7:29 p.m., 15 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4 CVSS, 5.4 AI score
Exploits: 0, References: 2

Prion
added 2018/08/13 7:29 p.m., 19 views

Cross site scripting

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5 CVSS, 6 AI score, 0.0062 EPSS
Exploits: 0, References: 2, Affected Software: 1