Описание
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| nextcloud-desktop | fixed | 3.0.1-1 | package | |
| nextcloud-desktop | no-dsa | buster | package |
Примечания
https://nextcloud.com/security/advisory/?id=NC-SA-2020-027
EPSS
Процентиль: 77%
0.01008
Низкий
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 5 лет назад
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVSS3: 5.4
nvd
больше 5 лет назад
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVSS3: 5.4
github
больше 3 лет назад
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
EPSS
Процентиль: 77%
0.01008
Низкий