Advisories ยป MGASA-2018-0394

Updated nextcloud packages fix security vulnerability

Publication date: 14 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-3780

Description

Nextcloud has been updated to 13.0.6 and fixes at least the following
security issue:

A missing sanitization of search results for an autocomplete field could
lead to a stored XSS requiring user-interaction. The missing sanitization
only affected user names, hence malicious search results could only be
crafted by authenticated users (CVE-2018-3780).
                

References

SRPMS

6/core