Page 28 of 155 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. Nextcloud Server anterior a 11.0.3 es vulnerable a una manipulación incorrecta de la sesión, lo que permite especificar una contraseña a la aplicación sin permiso de acceso a ficheros o al fichero de usuarios • https://hackerone.com/reports/191979 https://nextcloud.com/security/advisory/?id=nc-sa-2017-009 • CWE-285: Improper Authorization CWE-384: Session Fixation •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. Nextcloud Server anterior a 9.0.58 a 10.0.5 y a 11.0.3 son vulnerables a un escape inadecuado de mensajes de error que conducen a vulnerabilidades XSS en múltiples componentes. NextCloud and OwnCloud suffer from a cross site scripting vulnerability in their error pages. OwnCloud versions 9.1.5 and below are affected. NextCloud versions prior to 11.0.3, 10.0.5, and 9.0.58 are affected. • https://hackerone.com/reports/216812 https://nextcloud.com/security/advisory/?id=nc-sa-2017-008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue. Nextcloud Server anterior a 11.0.3 es vulnerable a un escape inadecuado lo que produce una vulnerabilidad XSS en el módulo de búsqueda. Para ser explotable un usuario tiene que escribir o pegar contenido malicioso en el diálogo de búsqueda. • https://hackerone.com/reports/213227 https://nextcloud.com/security/advisory/?id=nc-sa-2017-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers. Nextcloud Server anterior a 9.0.58, a 10.0.5, y a 11.0.3 utiliza una biblioteca de JavaScript vulnerable para desinfectar la entrada de usuario no confiable que sufrió una vulnerabilidad XSS causada por un cambio de comportamiento en Safari 10.1 y 10.2. Tenga en cuenta que Nextcloud emplea una estricta política de seguridad de contenido que impide la explotación de este problema XSS en los navegadores web modernos. • https://hackerone.com/reports/222838 https://nextcloud.com/security/advisory/?id=nc-sa-2017-010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. Nextcloud Server en versiones anteriores a 9.0.55 y 10.0.2 sufre una vulnerabilidad de Content-Spoofing en la aplicación "files". La barra de navegación superior mostrada en la lista de archivos contenía entradas parcialmente controlables por el usuario que conducían a una posible representación errónea de la información. • http://www.securityfocus.com/bid/97491 https://hackerone.com/reports/179073 https://nextcloud.com/security/advisory/?id=nc-sa-2017-006 • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •