exploitDog

GHSA-5pqm-hfmj-g8jg

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.

Ссылки

EPSS

Процентиль: 57%

0.00348

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-3763

CVSS3: 4.8

nvd

больше 7 лет назад

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.

EPSS

Процентиль: 57%

0.00348

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79