PT-2018-16182 · Nextcloud · Nextcloud Calendar
Published: 2018-07-05 · Updated: 2023-02-28 · CVE-2018-3763
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Calendar versions prior to 1.5.8
Nextcloud Calendar versions prior to 1.6.1
Description
A stored XSS issue exists due to missing sanitization of search results for an autocomplete field. Exploitation requires user interaction. The issue is limited to group names and can only be exploited by privileged users, such as admins or group admins.
Recommendations
For Nextcloud Calendar versions prior to 1.5.8, update to version 1.5.8 or later.
For Nextcloud Calendar versions prior to 1.6.1, update to version 1.6.1 or later.
Fix
XSS
Affected Products
Nextcloud Calendar