CVE-2021-22878

Publication date

2021-03-03 17:39:51

Family

hackerone

State

PUBLISHED

Description

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.