CVE-2019-15619

Sažetak

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.

Reference

https://hackerone.com/reports/662204
https://nextcloud.com/security/advisory/?id=NC-SA-2020-008
https://nextcloud.com/security/advisory/?id=NC-SA-2020-009
https://nextcloud.com/security/advisory/?id=NC-SA-2020-010

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

12-02-2020 - 16:23

Objavljeno

04-02-2020 - 20:15