What the vulnerability does

01 Description

Missing sanitization of search results for an autocomplete field in Nextcloud Server <13.0.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.

Key dates

02 Disclosure timeline

August 13, 2018: CVE published
August 5, 2024: Record updated