VDB

GCVE-110-MAGEIA-2018-394

GCVE-110-MAGEIA-2018-394
Advisory Published
Vulnetix · Advisory published October 14, 2018
Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users (CVE-2018-3780).

Affected Products

VendorProductVersionsPlatforms
Mageianextcloud13.0.6-1.mga6 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›