CVE-2019-15619

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-15619

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15619.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-15619

Published

2020-02-04T20:15:12.340Z

Modified

2026-04-10T04:15:06.234833Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.

References

Affected packages

Git / github.com/nextcloud/deck

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/deck

Events

Introduced

Fixed

7d52891eb80fab12aa698a8a4d6e0121e9ff0625

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.6.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

Fixed

a1a245e88202d834f08f4c2e4451dcbe9baee3aa

Introduced

Fixed

e4fb6d536ba55d633cb72a6eeab4c8ac209d8869

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "16.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.4"
        }
    ]
}

Affected versions

16.*

16.0.0RC2

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.0-beta1

v0.3.1

v0.4.0

v0.4.0-beta1

v0.4.0-beta2

v0.4.0-beta3

v0.4.0-beta4

v0.4.0-beta5

v0.4.1

v0.5.0

v0.5.0-beta1

v0.5.0-rc1

v0.5.0-rc2

v0.5.1

v0.5.2

v0.6.0

v0.6.0-beta1

v0.6.0-beta2

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v1.*

v1.0.0beta1

v11.*

v11.0.0

v11.0RC2

v12.*

v12.0.0beta1

v12.0.0beta2

v12.0.0beta3

v12.0.0beta4

v13.*

v13.0.0RC1

v13.0.0beta1

v13.0.0beta2

v13.0.0beta3

v13.0.0beta4

v14.*

v14.0.0RC1

v14.0.0RC2

v14.0.0beta1

v14.0.0beta2

v14.0.0beta3

v14.0.0beta4

v15.*

v15.0.0RC1

v15.0.0beta1

v15.0.0beta2

v16.*

v16.0.0

v16.0.0RC1

v16.0.0alpha1

v16.0.0beta1

v16.0.0beta2

v16.0.0beta3

v16.0.1

v16.0.1RC1

v16.0.2

v16.0.2RC1

v16.0.3

v16.0.4RC1

v3.*

v3.0

v4.*

v4.0.0

v4.0.0RC

v4.0.0RC2

v4.0.0beta

v4.0.1

v4.0.4

v4.0.5

v4.0.6

v4.5.0

v4.5.0RC1

v4.5.0RC2

v4.5.0RC3

v4.5.0beta3

v4.5.0beta4

v5.*

v5.0.0

v5.0.0RC1

v5.0.0RC2

v5.0.0RC3

v5.0.0alpha1

v5.0.0beta1

v5.0.0beta2

v6.*

v6.0.0

v6.0.0RC1

v6.0.0RC2

v6.0.0RC3

v6.0.0RC4

v6.0.0a

v6.0.0alpha2

v6.0.0beta2

v6.0.0beta3

v6.0.0beta4

v6.0.0beta5

v6.0.1

v6.0.1RC1

v6.0.2

v6.0.2RC1

v6.0.3

v6.0.3RC1

v6.0.4beta1

v7.*

v7.0.0alpha2

v7.0.0beta1

v8.*

v8.0.0

v8.0.0RC1

v8.0.0RC2

v8.0.0alpha1

v8.0.0alpha2

v8.0.0beta1

v8.0.0beta2

v8.1.0alpha1

v8.1.0alpha2

v8.1.0beta1

v8.1.0beta2

v8.1RC2

v8.2RC1

v8.2beta1

v9.*

v9.0.0beta2

v9.0beta1

v9.1.0beta1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15619.json"