CVE-2019-15619
Description
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each other in a project.
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | HIGH |
UserInteraction | REQUIRED |
Scope | CHANGED |
ConfidentialityImpact | LOW |
IntegrityImpact | LOW |
AvailabilityImpact | NONE |
BaseScore | 4.8 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:S/C:N/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | SINGLE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 3.5 |