What the vulnerability does

01Description

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.

Key dates

02Disclosure timeline

March 3, 2021 CVE published
August 3, 2024 Record updated