Nextcloud Circles vulnerabilities
3 known vulnerabilities affecting nextcloud/circles.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-32782MEDIUMCVSS 5.4fixed in 0.19.14≥ 0.20.0, < 0.20.10+1 more2021-09-07
CVE-2021-32782 [MEDIUM] CWE-79 CVE-2021-32782: Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected ve
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Pol
nvd
CVE-2021-37630MEDIUMCVSS 6.5fixed in 0.19.5≥ 0.20.0, < 0.20.11+1 more2021-09-07
CVE-2021-37630 [MEDIUM] CWE-639 CVE-2021-37630: Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected ve
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no wo
nvd
CVE-2019-15610MEDIUMCVSS 4.3fixed in 0.16.11≥ 0.16.12, < 0.17.82020-02-04
CVE-2019-15610 [MEDIUM] CWE-285 CVE-2019-15610: Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was r
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.
nvd