Nextcloud - HackerOne Reports
Total Reports: 508
Critical: 10
High: 46
Medium: 173
Low: 179
Missing server-side controls when editing the board’s sharing permissions per user
Reported by: warsocks
Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
DoS in Form Submission at https://nextcloud.com/instant-trial/
Reported by: krrish_hackk
Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
Nextcloud mail does not respect download permissions in shares
Reported by: rullzer
Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Bounty: $250.00
CSRF protection on OIDC login is broken
Reported by: mikaelgundersen
Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $500.00
Cross Site Scripting
Reported by: lulliii
Disclosed:
Missing Rate Limiting protection leading to mass triggering of e-mails
Reported by: giligails
Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
[Reflected XSS] In Request URL
Reported by: nstikhomirov
Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Reflected
Anonymous file drop page ignores user profile visibility restrictions
Reported by: pshknst
Disclosed:
Weakness: Information Disclosure
Reflected XSS in U2F plugin by shipping the example endpoints
Reported by: lukasreschke
Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
Can download files by zipping the folder
Reported by: nickvergessen
Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
WebDAV Empty Property search leads to full CPU usage
Reported by: julzify
Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
Directory listing is enabled that exposes non-public data through multiple paths
Reported by: tibin_sunny
Disclosed:
Severity: Low
Weakness: Information Exposure Through Directory Listing
Issuer not verified from obtained token in user_oidc
Reported by: rullzer
Disclosed:
Severity: Medium
Bounty: $250.00
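The two OIDC reports in this list (the broken CSRF protection on the OIDC login, and the issuer of the obtained token not being verified in user_oidc) both concern checks a relying party has to make when the identity provider calls back. The following Python is an added illustration written for this page; it is not Nextcloud's or user_oidc's code and does not reproduce either report's actual bug. The provider URL, client ID, the session dict, the callback parameters and the claim values are all assumed, and the ID token's signature is assumed to have already been verified by a JWT library, so only the claim and state checks are shown.

```python
import hmac
import secrets
import time

# Assumed relying-party configuration for this illustration (not Nextcloud's values).
PROVIDER = {
    "issuer": "https://idp.example.com",  # assumed issuer URL of the trusted IdP
    "client_id": "nextcloud-demo",         # assumed client ID registered at that IdP
}


class LoginError(Exception):
    """Raised when the callback fails a check; the login must be aborted."""


def begin_login(session: dict) -> dict:
    """Start an OIDC login: mint a one-time state and nonce, bind both to the
    browser session, and return the authorization request parameters."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    return {
        "response_type": "code",
        "scope": "openid",
        "client_id": PROVIDER["client_id"],
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }


def check_state(session: dict, returned_state) -> None:
    """CSRF check: the state on the callback must equal the one this session
    generated. pop() makes it single-use, so a replayed callback fails too."""
    expected = session.pop("oidc_state", None)
    if expected is None or not isinstance(returned_state, str):
        raise LoginError("no login in progress for this session, or state missing")
    if not hmac.compare_digest(expected.encode(), returned_state.encode()):
        raise LoginError("state mismatch: callback was not started by this session")


def validate_id_token_claims(claims: dict, session: dict, now: float) -> None:
    """Claim checks from OpenID Connect Core 1.0 section 3.1.3.7, applied to an
    ID token whose signature has already been verified (assumed here)."""
    # The issuer must be exactly the provider this client was configured for.
    if claims.get("iss") != PROVIDER["issuer"]:
        raise LoginError(f"issuer mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if PROVIDER["client_id"] not in audiences:
        raise LoginError("token was not issued for this client")
    if len(audiences) > 1 and claims.get("azp") != PROVIDER["client_id"]:
        raise LoginError("azp missing or wrong for a multi-audience token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise LoginError("token expired or exp missing")
    # The nonce ties this token to the login this session started (single-use).
    expected_nonce = session.pop("oidc_nonce", None)
    if expected_nonce is None or claims.get("nonce") != expected_nonce:
        raise LoginError("nonce mismatch: token was not minted for this login")
    if "sub" not in claims:
        raise LoginError("sub missing")


def complete_login(session: dict, callback_params: dict, claims: dict, now: float = None) -> str:
    """Run the state check, then the claim checks, and return the subject to log in."""
    if now is None:
        now = time.time()
    check_state(session, callback_params.get("state"))
    validate_id_token_claims(claims, session, now)
    return claims["sub"]


def login_fails(session: dict, callback_params: dict, claims: dict, now: float) -> bool:
    """True if complete_login rejects the callback (used to exercise the checks)."""
    try:
        complete_login(session, callback_params, claims, now)
    except LoginError:
        return True
    return False


if __name__ == "__main__":
    session = {}
    request = begin_login(session)
    # Constructed claims standing in for a signature-verified ID token from the assumed IdP.
    claims = {"iss": PROVIDER["issuer"], "aud": PROVIDER["client_id"],
              "sub": "alice", "exp": time.time() + 300, "nonce": request["nonce"]}
    print(complete_login(session, {"state": request["state"], "code": "abc"}, claims))
```

Both checks are deliberately bound to the session that started the login: the state is what makes a forged or replayed callback fail, and the issuer comparison is what stops a token from a different provider (one the client was never configured for) from being accepted just because it carries a valid signature and the right audience.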
Reflected XSS vulnerability with full CSP bypass in Nextcloud installations using recommended bundle
Reported by: lukasreschke
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Session fixation on public talk links
Reported by: rtod
Disclosed:
Severity: Medium
Weakness: Session Fixation
Bounty: $100.00
Clear text storage of proxy parameters and passwords
Reported by: rbcafe
Disclosed:
Severity: Low
Weakness: Cleartext Storage of Sensitive Information
SSRF on local storage of iOS mobile
Reported by: l0l1ch3ng
Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Broken link for wrong domain entry may be leveraged for Phishing, Misinformation, Serving Malware
Reported by: mehmil
Disclosed:
Severity: Low
Stored XSS/HTML injection in autocomplete suggestions for sharing
Reported by: sjw
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Code injection possible with malformed Nextcloud Talk chat commands
Reported by: covert-spectre
Disclosed:
Severity: High
Weakness: Code Injection