Vulnerabilities > Nextcloud > Nextcloud Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | 5.7 |
| 2017-05-08 | CVE-2017-0894 | Incorrect Authorization vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. | 4.3 |
| 2017-05-08 | CVE-2017-0893 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. | 5.4 |
| 2017-05-08 | CVE-2017-0891 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | 5.4 |
| 2017-05-08 | CVE-2017-0890 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. | 5.4 |
| 2017-04-05 | CVE-2017-0888 | Improper Input Validation vulnerability in Nextcloud Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. | 4.3 |
| 2017-04-05 | CVE-2017-0887 | Improper Input Validation vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. | 4.3 |
| 2017-04-05 | CVE-2017-0886 | Uncontrolled Recursion vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. | 6.5 |
| 2017-04-05 | CVE-2017-0885 | Information Exposure vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. | 4.3 |
| 2017-04-05 | CVE-2017-0884 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. | 4.3 |