Known Vulnerabilities
CVE-2017-0892
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
UNKNOWN
Published May 08, 2017
CVE-2017-0890
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
UNKNOWN
Published May 08, 2017
CVE-2017-0894
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
UNKNOWN
Published May 08, 2017