Known Vulnerabilities
CVE-2021-22878
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
UNKNOWN
Published Mar 03, 2021
CVE-2021-22877
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
UNKNOWN
Published Mar 03, 2021