Описание
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
Ссылки
- Permissions Required
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Permissions Required
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.6.6 (исключая)Версия до 16.0.4 (исключая)Версия до 6.0.4 (исключая)
Одно из
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.0025
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 4.8
debian
больше 5 лет назад
Improper neutralization of file names, conversation names and board na ...
github
около 3 лет назад
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
EPSS
Процентиль: 48%
0.0025
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79