Unrated severityNVD Advisory· Published Mar 3, 2021· Updated Aug 3, 2024
CVE-2021-22878
CVE-2021-22878
Description
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in OC.Notification.show.
Affected products
1- Range: Fixed in 20.0.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/mitrevendor-advisoryx_refsource_FEDORA
- github.com/nextcloud/server/pull/25234mitrex_refsource_MISC
- hackerone.com/reports/896522mitrex_refsource_MISC
- nextcloud.com/security/advisory/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.