Vulnerabilities > Nextcloud > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-13 | CVE-2018-3780 | Cross-site Scripting vulnerability in Nextcloud Server A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. | 3.5 |
| 2018-08-13 | CVE-2018-3781 | Cross-site Scripting vulnerability in Nextcloud Talk A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. | 3.5 |
| 2017-05-08 | CVE-2017-0890 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. | 3.5 |
| 2017-05-08 | CVE-2017-0891 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | 3.5 |
| 2017-05-08 | CVE-2017-0893 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. | 3.5 |
| 2017-05-08 | CVE-2017-0895 | Information Exposure vulnerability in Nextcloud Server Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. | 3.5 |
| 2017-03-28 | CVE-2016-9465 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. | 3.5 |
| 2016-09-17 | CVE-2016-7419 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. | 3.5 |