Vulnerabilities > Nextcloud > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-01 | CVE-2021-32653 | Information Exposure Through Sent Data vulnerability in Nextcloud Server. Nextcloud Server is a Nextcloud package that handles data storage. | 2.7 |
2021-02-03 | CVE-2020-8294 | Cross-site Scripting vulnerability in Nextcloud Server. Missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | 3.5 |
2021-01-06 | CVE-2020-8280 | Cross-site Scripting vulnerability in Nextcloud Contacts. A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | 3.5 |
2021-01-06 | CVE-2020-8281 | Cross-site Scripting vulnerability in Nextcloud Contacts. A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | 3.5 |
2020-11-16 | CVE-2020-8152 | Insufficiently Protected Credentials vulnerability in Nextcloud Server. Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | 2.1 |
2020-11-09 | CVE-2020-8150 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server. A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | 1.9 |
2020-11-02 | CVE-2020-8173 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server. A too-small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in a shorter time than intended. | 3.5 |
2020-08-21 | CVE-2020-8189 | Cross-site Scripting vulnerability in Nextcloud Desktop. A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed any HTML (including local links) to be presented when responding with invalid data on the login attempt. | 3.5 |
2020-08-17 | CVE-2020-8230 | Out-of-bounds Write vulnerability in Nextcloud Desktop. A memory corruption vulnerability exists in Nextcloud Desktop Client v2.6.4, where missing ASLR and DEP protections for Windows allowed memory to be corrupted. | 2.1 |
2020-02-04 | CVE-2019-15612 | Session Fixation vulnerability in Nextcloud Server. A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 3.2 |