What the vulnerability does

01Description

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.

Key dates

02Disclosure timeline

February 4, 2020 CVE published
August 5, 2024 Record updated