CVE-2019-15619
Summary
| CVE | CVE-2019-15619 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-04 20:15:00 UTC |
| Updated | 2020-02-12 16:23:00 UTC |
| Description | Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nextcloud | Deck | All | All | All | All |
| Application | Nextcloud | Deck | All | All | All | All |
| Application | Nextcloud | Nextcloud Server | All | All | All | All |
| Application | Nextcloud | Nextcloud Server | All | All | All | All |
| Application | Nextcloud | Talk | All | All | All | All |
| Application | Nextcloud | Talk | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| advisory – Nextcloud | MISC | nextcloud.com | Vendor Advisory |
| advisory – Nextcloud | MISC | nextcloud.com | Vendor Advisory |
| HackerOne | MISC | hackerone.com | Permissions Required |
| advisory – Nextcloud | MISC | nextcloud.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.