CVE-2020-8189
published 2020-08-21CVE-2020-8189: A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nextcloud-desktop | < nextcloud-desktop 3.0.1-1 (bookworm) | nextcloud-desktop 3.0.1-1 (bookworm) |
| nextcloud | desktop | < 2.6.5 | 2.6.5 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.4MEDIUM