Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vu ...

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

Nextcloud Server before 11.0.3 is vulnerable to an improper session ha ...

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoof ...