mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
832 B
832 B
CVE-2018-3781
%20-%20Generic%20(CWE-79)&color=brighgreen)
Description
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.
POC
Reference
Github
No PoCs found on GitHub currently.