Main Vulnerability Database Vulnerabilities #VU46083

#VU46083 Cross-site scripting in desktop - CVE-2020-8189

Published: August 21, 2020 / Updated: August 27, 2020

Vulnerability identifier: #VU46083

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-8189

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
desktop

Software vendor:
Nextcloud

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.

Remediation

Install update from vendor's website.

External links

https://hackerone.com/reports/685552
https://nextcloud.com/security/advisory/?id=NC-SA-2020-027

#VU46083 Cross-site scripting in desktop - CVE-2020-8189

Description

Remediation

External links

Please verify you're human