ID	49297
Created	Jun 18, 2020
Updated	May 02, 2022
Severity
CVE ID	CVE-2021-22878
EPSS	0.08%
Coverage	IPS (Regular DB) IPS (Extended DB)
Default Action	drop
Active
Affected OS	All
Affected App	PHP_app

Legend

Active/Available
InActive/Not Available

Database Update History

Date	Version	Detail
2022-01-10	19.236	Name:FG-VD-20-082_Nextcloud. 0day:Nextcloud. NotificationShow. XSS
2020-06-30	15.876	Default_action:pass:drop
2020-06-18	15.867

Refine Search

Threat Encyclopedia

Nextcloud.NotificationShow.XSS

Description

This indicates an attack attempt against a Cross-Site Scripting vulnerability in Nextcloud Server.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary script code within the context of the application.

Affected Products

Nextcloud Server prior to 20.0.6

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.

Recommended Actions

Apply the latest update from the vendor.
https://nextcloud.com/security/advisory/?id=NC-SA-2021-005

References

https://nextcloud.com/security/advisory/?id=NC-SA-2021-005 https://nextcloud.com/

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer