PT-2020-9742 · Nextcloud+1 · Nextcloud Deck+3
Published
2020-02-04
·
Updated
2020-10-15
·
CVE-2019-15619
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Server version 16.0.3
Nextcloud Talk version 6.0.3
Nextcloud Deck version 0.6.5
Description
The issue is related to the improper neutralization of file names, conversation names, and board names. This causes a cross-site scripting (XSS) issue when these elements are linked together in a project.
Recommendations
For Nextcloud Server version 16.0.3, update to a version that fixes the improper neutralization of file names, conversation names, and board names.
For Nextcloud Talk version 6.0.3, update to a version that fixes the improper neutralization of file names, conversation names, and board names.
For Nextcloud Deck version 0.6.5, update to a version that fixes the improper neutralization of file names, conversation names, and board names.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Nextcloud Deck
Nextcloud Server
Nextcloud Talk