Page 3 of 21 results (0.002 seconds)
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3781
https://notcve.org/view.php?id=CVE-2018-3781
13 Aug 2018 — A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. La falta de saneamiento de los resultados de búsqueda para un campo de autocompletado en NextCloud Talk en versiones anteriores a la 3.2.5 podría provocar un Cross-Site Scripting (XSS) persistente que requiera la interacción del usuario.... • https://hackerone.com/reports/383117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •