http://bugzilla.opensuse.org/show_bug.cgi?id=1162778 Bug ID: 1162778 Summary: VUL-1: CVE-2019-15619: nextcloud: Improper neutralization of file names, conversation names and board names causes an XSS when linking them with each others in a project Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/252410/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: ecsos@schirra.net Reporter: rfrohl@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2019-15619 Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15619 https://hackerone.com/reports/662204 https://nextcloud.com/security/advisory/?id=NC-SA-2020-010 https://nextcloud.com/security/advisory/?id=NC-SA-2020-009 https://nextcloud.com/security/advisory/?id=NC-SA-2020-008 -- You are receiving this mail because: You are on the CC list for the bug.