Lucene search
K

4993 matches found

NVD
NVD
added 2018/08/13 7:29 p.m.17 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4CVSS5.1AI score0.00769EPSS
Exploits0References2
OSV
OSV
added 2018/08/13 7:29 p.m.15 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added 2018/08/13 7:0 p.m.29 views

CVE-2018-3781

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

6.1AI score0.0062EPSS
Exploits0References2
CVE
CVE
added 2018/08/13 7:0 p.m.56 views

CVE-2018-3780

CVE-2018-3780 detail (normal mode): Nextcloud’s autocomplete search results may expose a stored XSS due to missing sanitization in the autocomplete field. The flaw affects Nextcloud Server releases around 13.x (notably 13.0.5 and related updates) and can be triggered by crafted search results con...

5.4CVSS4.9AI score0.00769EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/08/13 7:0 p.m.20 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5AI score0.00769EPSS
Exploits0References2
CVE
CVE
added 2018/08/13 7:0 p.m.50 views

CVE-2018-3781

Nextcloud Talk

5.4CVSS5AI score0.0062EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/08/13 12:0 a.m.1 views

Nextcloud Server Improper Input Validation Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An input validation vulnerability exists in Nextcloud Server versions prior to 12.0.3 and 11.0.5, which can be exploite...

5.3CVSS5.3AI score0.01263EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/13 12:0 a.m.3 views

Nextcloud Server Authorization Issues Vulnerability

Nextcloud is a client-server software suite for creating network hard disks. An authorization issue vulnerability exists in versions of Nextcloud Server prior to 12.0.3, which can be exploited by an attacker to obtain user credentials and bypass two-factor authentication...

8.8CVSS8.2AI score0.01234EPSS
Exploits0References1
NVD
NVD
added 2018/08/12 10:29 p.m.26 views

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

5.3CVSS5.2AI score0.01263EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/08/12 10:29 p.m.20 views

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

5.3CVSS6.1AI score0.01263EPSS
Exploits0References3
Prion
Prion
added 2018/08/12 10:29 p.m.22 views

Authentication flaw

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...

4CVSS8.7AI score0.01234EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/08/12 10:29 p.m.27 views

CVE-2018-3775

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...

8.8CVSS8.7AI score0.01234EPSS
Exploits0References2
Prion
Prion
added 2018/08/12 10:29 p.m.17 views

Input validation

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

5CVSS5.2AI score0.01263EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/08/12 10:29 p.m.26 views

CVE-2018-3775

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...

8.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2018/08/12 10:29 p.m.23 views

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

5.3CVSS6.7AI score
Exploits0References2
CVE
CVE
added 2018/08/12 10:0 p.m.58 views

CVE-2018-3776

CVE-2018-3776 affects Nextcloud Server; an improper input validator in affected versions prior to 12.0.3 and 11.0.5 could allow an attacker’s actions to bypass audit-logging. The vulnerability is documented across multiple sources (including Red Hat and OpenVAS feeds) and is described as a loggin...

5.3CVSS5.1AI score0.01263EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/08/12 10:0 p.m.86 views

CVE-2018-3775

CVE-2018-3775 concerns Nextcloud Server prior to version 12.0.3, where an attacker with valid user credentials could bypass two‑factor authentication due to improper authentication. The NVD entry lists CVSSv3.1 impact as high (C/H/I/H/A/H) and CVSSv2 as medium (I/P, no confidentiality/availabilit...

8.8CVSS8.7AI score0.01234EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/08/12 10:0 p.m.30 views

CVE-2018-3775

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...

8.8AI score0.01234EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/08/12 10:0 p.m.30 views

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

5.2AI score0.01263EPSS
Exploits0References2
Hacker One
Hacker One
added 2018/07/30 4:6 p.m.22 views

Nextcloud: Self xss

Hello, I found self xss your main domain. I m sending details and I attached poc video. Pls open https://nextcloud.com/about/ Use burp suite and active intercept. Refresh this url. And pls add this payload your url. "alert205'"nextcloud.com Pls click intercept off and page refreshing. Now you see...

0.4AI score
Exploits0
Rows per page
Query Builder