4 matches found
CVE-2017-0895
The CVE-2017-0895 vulnerability affects Nextcloud Server before 10.0.4 and 11.0.2, where a logical error allows disclosure of calendar and addressbook names to other logged‑in users. No calendar/addressbook content is exposed. Affected versions are fixed in the NC-SA-2017-012 advisory, with Nextc...
CVE-2017-0893
CVE-2017-0893 affects Nextcloud Server prior to 9.0.58, 10.0.5, and 11.0.3. A vulnerable JavaScript library used for sanitizing untrusted input enables a cross-site scripting (XSS) issue due to a Safari 10.1/10.2 behavior change. Nextcloud notes a strict Content-Security-Policy that mitigates exp...
CVE-2018-3776
CVE-2018-3776 affects Nextcloud Server; an improper input validator in affected versions prior to 12.0.3 and 11.0.5 could allow an attacker’s actions to bypass audit-logging. The vulnerability is documented across multiple sources (including Red Hat and OpenVAS feeds) and is described as a loggin...
CVE-2017-0891
Nextcloud Server (before 9.0.58, 10.0.5, and 11.0.3) is vulnerable to an inadequate escaping of error messages that leads to Reflected Cross-Site Scripting in multiple components. The provided documents designate this as CVE-2017-0891 and describe XSS in error handling; exploitation details are n...