{"id":"MGASA-2018-0394","summary":"Updated nextcloud packages fix security vulnerability","details":"Nextcloud has been updated to 13.0.6 and fixes at least the following\nsecurity issue:\n\nMissing sanitization of search results for an autocomplete field could\nlead to a stored XSS that requires user interaction. The missing sanitization\nonly affected user names, so malicious search results could only be\ncrafted by authenticated users (CVE-2018-3780).\n","modified":"2026-04-16T06:24:50.880921316Z","published":"2018-10-14T00:58:33Z","upstream":["CVE-2018-3780"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0394.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23497"},{"type":"WEB","url":"https://nextcloud.com/changelog/#latest13"},{"type":"ADVISORY","url":"https://nextcloud.com/security/advisory/?id=NC-SA-2018-008"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-08/msg00154.html"}],"affected":[{"package":{"name":"nextcloud","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nextcloud?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.0.6-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0394.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}