Updated nextcloud packages fix security vulnerability
Publication date: 14 Oct 2018Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-3780
Description
Nextcloud has been updated to 13.0.6 and fixes at least the following security issue: A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users (CVE-2018-3780).
References
SRPMS
6/core
- nextcloud-13.0.6-1.mga6