Unrated severityNVD Advisory· Published Feb 3, 2021· Updated Aug 4, 2024
CVE-2020-8294
CVE-2020-8294
Description
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: <20.0.2, <19.0.5, <18.0.11
- osv-coords6 versionspkg:rpm/opensuse/nextcloud&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nextcloud&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/nextcloud&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/nextcloud&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/nextcloud&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/nextcloud&distro=SUSE%20Package%20Hub%2015%20SP3
< 20.0.7-lp152.3.6.1+ 5 more
- (no CPE)range: < 20.0.7-lp152.3.6.1
- (no CPE)range: < 20.0.11-bp153.2.3.1
- (no CPE)range: < 20.0.11-bp153.2.3.1
- (no CPE)range: < 20.0.11-bp153.2.3.1
- (no CPE)range: < 20.0.11-bp153.2.3.1
- (no CPE)range: < 20.0.11-bp153.2.3.1
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/1023787mitrex_refsource_CONFIRM
- nextcloud.com/security/advisory/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.