VDB
GCVE-110-MAGEIA-2018-394
GCVE-110-MAGEIA-2018-394
Advisory Published
Nextcloud has been updated to 13.0.6 and fixes at least the following
security issue:
A missing sanitization of search results for an autocomplete field could
lead to a stored XSS requiring user-interaction. The missing sanitization
only affected user names, hence malicious search results could only be
crafted by authenticated users (CVE-2018-3780).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | nextcloud | 13.0.6-1.mga6 (unaffected), 0 (affected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.