Lucene search
+L
NextcloudNextcloud Server11.0.0

4 matches found

cve
cve
added 2017/05/08 8:0 p.m.73 views

CVE-2017-0895

The CVE-2017-0895 vulnerability affects Nextcloud Server before 10.0.4 and 11.0.2, where a logical error allows disclosure of calendar and addressbook names to other logged‑in users. No calendar/addressbook content is exposed. Affected versions are fixed in the NC-SA-2017-012 advisory, with Nextc...

3.5CVSS3.9AI score0.00724EPSS
cve
cve
added 2017/05/08 8:0 p.m.71 views

CVE-2017-0893

CVE-2017-0893 affects Nextcloud Server prior to 9.0.58, 10.0.5, and 11.0.3. A vulnerable JavaScript library used for sanitizing untrusted input enables a cross-site scripting (XSS) issue due to a Safari 10.1/10.2 behavior change. Nextcloud notes a strict Content-Security-Policy that mitigates exp...

5.4CVSS5.2AI score0.00643EPSS
cve
cve
added 2018/08/12 10:0 p.m.60 views

CVE-2018-3776

CVE-2018-3776 affects Nextcloud Server; an improper input validator in affected versions prior to 12.0.3 and 11.0.5 could allow an attacker’s actions to bypass audit-logging. The vulnerability is documented across multiple sources (including Red Hat and OpenVAS feeds) and is described as a loggin...

5.3CVSS5.1AI score0.01263EPSS
cve
cve
added 2017/05/08 8:0 p.m.58 views

CVE-2017-0891

Nextcloud Server (before 9.0.58, 10.0.5, and 11.0.3) is vulnerable to an inadequate escaping of error messages that leads to Reflected Cross-Site Scripting in multiple components. The provided documents designate this as CVE-2017-0891 and describe XSS in error handling; exploitation details are n...

5.4CVSS5.4AI score0.00643EPSS