PT-2020-21559 — XSS in Nextcloud Nextcloud-Vue-Collections

PT-2020-21559 · Nextcloud · Nextcloud-Vue-Collections

Published

2020-09-04

Updated

2020-09-04

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions nextcloud-vue-collections versions prior to 0.4.2

Description The issue concerns an insecure configuration in the v-tooltip component, which allows arbitrary JavaScript to be injected into the tooltip of a collection item. This enables attackers to execute arbitrary code in a victim's browser, leveraging a Cross-Site Scripting (XSS) attack.

Recommendations Upgrade to version 0.4.2 or later.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-WHV6-RJ84-2VH2

Affected Products

Nextcloud-Vue-Collections

PT-2020-21559 · Nextcloud · Nextcloud-Vue-Collections

Weakness Enumeration

Related Identifiers

Affected Products

References · 4