Vulnerabilities > Nextcloud > Nextcloud Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-32741 | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-07-12 | CVE-2021-32733 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Text is a collaborative document editing application that uses Markdown. | 6.1 |
| 2021-07-12 | CVE-2021-32725 | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-07-12 | CVE-2021-32703 | Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-07-12 | CVE-2021-32678 | Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-06-01 | CVE-2021-32657 | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 4.3 |
| 2021-03-03 | CVE-2021-22878 | Cross-site Scripting vulnerability in multiple products Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | 4.8 |
| 2021-03-03 | CVE-2021-22877 | Missing Authorization vulnerability in multiple products A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | 6.5 |
| 2021-03-03 | CVE-2020-8296 | Weak Password Requirements vulnerability in multiple products Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | 6.7 |
| 2021-02-03 | CVE-2020-8294 | Cross-site Scripting vulnerability in Nextcloud Server A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | 5.4 |