CVE-2019-15619: XSS
First published: Tue Feb 04 2020(Updated: )
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Deck | <0.6.6 | |
| Nextcloud Nextcloud Server | <16.0.4 | |
| Nextcloud talk | <6.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-15619.
What is the severity of CVE-2019-15619?
The severity of CVE-2019-15619 is medium.
Which versions of Nextcloud Deck are affected by CVE-2019-15619?
Nextcloud Deck versions up to and excluding 0.6.6 are affected by CVE-2019-15619.
Which versions of Nextcloud Server are affected by CVE-2019-15619?
Nextcloud Server versions up to and excluding 16.0.4 are affected by CVE-2019-15619.
Which versions of Nextcloud Talk are affected by CVE-2019-15619?
Nextcloud Talk versions up to and excluding 6.0.4 are affected by CVE-2019-15619.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/nextcloud
- canonical/nextcloud deck
- canonical/nextcloud nextcloud server
- canonical/nextcloud talk