Vulnerability Description
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Deck | < 0.6.6 |
| Nextcloud | Nextcloud Server | < 16.0.4 |
| Nextcloud | Talk | < 6.0.4 |
Related Weaknesses (CWE)
References
- https://hackerone.com/reports/662204Permissions Required
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-008Vendor Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-009Vendor Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-010Vendor Advisory
- https://hackerone.com/reports/662204Permissions Required
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-008Vendor Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-009Vendor Advisory
- https://nextcloud.com/security/advisory/?id=NC-SA-2020-010Vendor Advisory
FAQ
What is CVE-2019-15619?
CVE-2019-15619 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in ...
How severe is CVE-2019-15619?
CVE-2019-15619 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15619?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Deck, Nextcloud Nextcloud Server, Nextcloud Talk.