Bug ID 1175662
Summary VUL-0: CVE-2020-8189: nextcloud-desktop: cross-site scripting error allowed to present any html
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
URL https://smash.suse.de/issue/265819/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Basesystem
Assignee screening-team-bugs@suse.de
Reporter abergmann@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to
present any html (including local links) when responding with invalid data on
the login attempt.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8189
https://hackerone.com/reports/685552
https://nextcloud.com/security/advisory/?id=NC-SA-2020-027


You are receiving this mail because: