CVE-2019-15619

{"id": "CVE-2019-15619", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-02-04T20:15:12.340", "references": [{"url": "https://hackerone.com/reports/662204", "tags": ["Permissions Required"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-008", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-009", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2020-010", "tags": ["Vendor Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inapropiada de los nombres de archivo, nombres de conversaci\u00f3n y nombres de tarjeta en Nextcloud Server versi\u00f3n 16.0.3, Nextcloud Talk versi\u00f3n 6.0.3 y Nextcloud Deck versi\u00f3n 0.6.5, causa una vulnerabilidad de tipo XSS cuando se vinculan entre s\u00ed en un proyecto."}], "lastModified": "2020-02-12T16:23:41.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF74F6C8-E3B7-4AC5-820E-02B75C748DC5", "versionEndExcluding": "0.6.6"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F7379C3-F476-42A7-BD34-63BEBB2745FB", "versionEndExcluding": "16.0.4"}, {"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31253046-1C67-45F5-AE9D-BF23F6846253", "versionEndExcluding": "6.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}