CVE-2018-3763 - AskarLabs CVE Database

CVE-2018-3763

Vendor Nextcloud

Product Nextcloud Calendar application

Weakness CWE-79 · XSS

Published July 5, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.

Key dates

02Disclosure timeline

July 5, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-3763 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-62135 WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-43313 WordPress FormFacade plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-10419 code-projects Blood Bank Management System bloodrequest.php cross site scripting CVE-2024-4105 CVE-2026-6735 XSS within PHP-FPM status endpoint