Bug ID | 1162778 |
---|---|
Summary | VUL-1: CVE-2019-15619: nextcloud: Improper neutralization of file names, conversation names and board names causes an XSS when linking them with each others in a project |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.1 |
Hardware | Other |
URL | https://smash.suse.de/issue/252410/ |
OS | Other |
Status | NEW |
Severity | Minor |
Priority | P5 - None |
Component | Security |
Assignee | ecsos@schirra.net |
Reporter | rfrohl@suse.com |
QA Contact | security-team@suse.de |
Found By | Security Response Team |
Blocker | --- |
CVE-2019-15619 Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15619 https://hackerone.com/reports/662204 https://nextcloud.com/security/advisory/?id=NC-SA-2020-010 https://nextcloud.com/security/advisory/?id=NC-SA-2020-009 https://nextcloud.com/security/advisory/?id=NC-SA-2020-008