CVE-2018-3781

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-3781
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3781.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-3781
Published
2018-08-13T19:29:01.997Z
Modified
2026-04-10T04:10:35.822779Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.

References

Affected packages

Git / github.com/nextcloud/talk-android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/talk-android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
515a17869c0c1c2136bef3c181be334d7e933c63
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.5"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v1.*
v1.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.0beta1
v1.1.0beta2
v1.1.0beta3
v1.1.0beta4
v1.1.1
v1.2.0beta1
v1.2.0beta2
v1.2.0beta3
v2.*
v2.0.0
v2.0.0beta4
v2.0.0beta5
v2.1.0
v2.1.0beta1
v2.1.0beta2
v2.1.0beta3
v2.1.0beta4
v2.1.0beta5
v3.*
v3.0.0
v3.0.0beta1
v3.0.0beta10
v3.0.0beta3
v3.0.0beta4
v3.0.0beta5
v3.0.0beta6
v3.0.0beta7
v3.0.0beta8
v3.0.1
v3.1.0
v3.1.0beta1
v3.1.0beta2
v3.1.0beta3
v3.1.0beta4
v3.1.0beta5
v3.1.0beta6
v3.2.0beta1
v3.2.0beta2
v3.2.0beta3
v3.2.0beta4
v3.2.0beta5
v3.2.2
v3.2.3
v3.2.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3781.json"