Vulnerabilities > Nextcloud > Nextcloud Server > 18.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-8155 | Cross-site Scripting vulnerability in Nextcloud Server An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 5.4 |
| 2020-05-12 | CVE-2020-8154 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 |