CVE-2020-8155 — Cross-site Scripting in Server

CWE-79 — Cross-site Scripting6 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.6%

top 31.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedMay 12

Latest updateMay 24

Description

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server< 18.0.3

▶CVEListV5nextcloud/nextcloud_server18.0.3

🔴Vulnerability Details

GHSA

GHSA-xqxr-66xr-xfq3: An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18↗2022-05-24

▶

CVEList

CVE-2020-8155: An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18↗2020-05-12

▶

💬Community

Bugzilla

CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities↗2020-05-20

▶

Bugzilla

CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities [fedora-all]↗2020-05-20

▶

Bugzilla

CVE-2020-8153 CVE-2020-8154 CVE-2020-8155 CVE-2020-8156 nextcloud: multiple vulnerabilities [epel-7]↗2020-05-20

▶