Lucene search
+L

4 matches found

github
github
added 2020/09/04 5:21 p.m.23 views

Cross-Site Scripting in nextcloud-vue-collections

Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...

4.4AI score
Exploits0References3Affected Software1
osv
osv
added 2020/09/04 5:21 p.m.11 views

GHSA-WHV6-RJ84-2VH2 Cross-Site Scripting in nextcloud-vue-collections

Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...

7AI score
Exploits0References3
veracode
veracode
added 2019/12/20 12:50 a.m.12 views

Cross-site Scripting (XSS)

nextcloud-vue-collections is vulnerable to cross-site scripting XSS. The vulnerability exists when the value of v-tooltip is rendered through an insecure defaultHTML configuration...

1.4AI score
Exploits0
nodejs
nodejs
added 2019/12/19 5:32 p.m.19 views

Cross-Site Scripting

Overview Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitra...

6.9AI score
Exploits0Affected Software1
Rows per page
Query Builder