CVE-2020-8294

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.
References
Link Resource
https://hackerone.com/reports/1023787 Permissions Required Third Party Advisory
https://nextcloud.com/security/advisory/?id=NC-SA-2021-002 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Information

Published : 2021-02-03 05:15

Updated : 2021-02-05 07:35


NVD link : CVE-2020-8294

Mitre link : CVE-2020-8294

Products Affected
No products.
CWE