Lucene search

6 matches found

added 2017/05/08 8:29 p.m. | 57 views

CVE-2017-0895

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

CVSS 3.5 | AI score 3.9 | EPSS 0.00126
added 2017/05/08 8:29 p.m. | 56 views

CVE-2017-0893

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 ships a vulnerable JavaScript library for sanitizing untrusted user input, which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing...

CVSS 5.4 | AI score 5.2 | EPSS 0.00223
added 2017/05/08 8:29 p.m. | 48 views

CVE-2017-0894

Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error, potentially granting an attacker access to publicly shared calendars without knowing the share token.

CVSS 4.3 | AI score 4.5 | EPSS 0.00978
added 2017/05/08 8:29 p.m. | 47 views

CVE-2017-0892

Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application-specific password without the files-access permission to access the user's files.

CVSS 4.3 | AI score 4.2 | EPSS 0.00782
added 2017/05/08 8:29 p.m. | 46 views

CVE-2017-0890

Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable, a user has to write or paste malicious content into the search dialogue.

CVSS 5.4 | AI score 5.2 | EPSS 0.00349
added 2017/05/08 8:29 p.m. | 44 views

CVE-2017-0891

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 is vulnerable to inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

CVSS 5.4 | AI score 5.4 | EPSS 0.00191