Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Nextcloud Contacts 跨站脚本漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。Nextcloud Contacts是其中的一个用于同步和管理联系人的应用程序。 Nextcloud Contacts 2.1.2之前版本中存在跨站脚本漏洞,该漏洞源于程序没有过滤搜索结果。远程攻击者可利用该漏洞构建恶意的搜索结果。
CVSS Information
N/A
Vulnerability Type
N/A