5.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.7%
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
hackerone.com/reports/662204
nextcloud.com/security/advisory/?id=NC-SA-2020-008
nextcloud.com/security/advisory/?id=NC-SA-2020-009
nextcloud.com/security/advisory/?id=NC-SA-2020-010