4993 matches found
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3781
A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3780
CVE-2018-3780 detail (normal mode): Nextcloud’s autocomplete search results may expose a stored XSS due to missing sanitization in the autocomplete field. The flaw affects Nextcloud Server releases around 13.x (notably 13.0.5 and related updates) and can be triggered by crafted search results con...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
CVE-2018-3781
Nextcloud Talk
Nextcloud Server Improper Input Validation Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud Germany. Nextcloud Server is one of the server versions. An input validation vulnerability exists in Nextcloud Server versions prior to 12.0.3 and 11.0.5, which can be exploite...
Nextcloud Server Authorization Issues Vulnerability
Nextcloud is a client-server software suite for creating network hard disks. An authorization issue vulnerability exists in versions of Nextcloud Server prior to 12.0.3, which can be exploited by an attacker to obtain user credentials and bypass two-factor authentication...
CVE-2018-3776
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
CVE-2018-3776
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
Authentication flaw
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...
CVE-2018-3775
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...
Input validation
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
CVE-2018-3775
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...
CVE-2018-3776
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
CVE-2018-3776
CVE-2018-3776 affects Nextcloud Server; an improper input validator in affected versions prior to 12.0.3 and 11.0.5 could allow an attacker’s actions to bypass audit-logging. The vulnerability is documented across multiple sources (including Red Hat and OpenVAS feeds) and is described as a loggin...
CVE-2018-3775
CVE-2018-3775 concerns Nextcloud Server prior to version 12.0.3, where an attacker with valid user credentials could bypass two‑factor authentication due to improper authentication. The NVD entry lists CVSSv3.1 impact as high (C/H/I/H/A/H) and CVSSv2 as medium (I/P, no confidentiality/availabilit...
CVE-2018-3775
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...
CVE-2018-3776
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
Nextcloud: Self xss
Hello, I found a self XSS on your main domain. I'm sending details and I attached a PoC video. Pls open https://nextcloud.com/about/ Use Burp Suite and activate intercept. Refresh this URL. And pls add this payload to your URL. "alert205'"nextcloud.com Pls click intercept off and page refreshing. Now you see...