Vulnerabilities > Nextcloud > Nextcloud Server > 10.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-08 | CVE-2017-0893 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. | 3.5 |
| 2017-05-08 | CVE-2017-0892 | Session Fixation vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | 4.3 |
| 2017-05-08 | CVE-2017-0891 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | 3.5 |
| 2017-05-08 | CVE-2017-0890 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. | 3.5 |
| 2017-04-05 | CVE-2017-0888 | Improper Input Validation vulnerability in Nextcloud Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. | 4.3 |
| 2017-04-05 | CVE-2017-0883 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. | 5.5 |