{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T02:46:24.999","vulnerabilities":[{"cve":{"id":"CVE-2019-15619","sourceIdentifier":"support@hackerone.com","published":"2020-02-04T20:15:12.340","lastModified":"2024-11-21T04:29:08.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project."},{"lang":"es","value":"Una neutralización inapropiada de los nombres de archivo, nombres de conversación y nombres de tarjeta en Nextcloud Server versión 16.0.3, Nextcloud Talk versión 6.0.3 y Nextcloud Deck versión 0.6.5, causa una vulnerabilidad de tipo XSS cuando se vinculan entre sí en un proyecto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.6","matchCriteriaId":"BF74F6C8-E3B7-4AC5-820E-02B75C748DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionEndExcluding":"16.0.4","matchCriteriaId":"4F7379C3-F476-42A7-BD34-63BEBB2745FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.4","matchCriteriaId":"31253046-1C67-45F5-AE9D-BF23F6846253"}]}]}],"references":[{"url":"https://hackerone.com/reports/662204","source":"support@hackerone.com","tags":["Permissions Required"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-008","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-009","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-010","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/662204","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-008","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-009","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://nextcloud.com/security/advisory/?id=NC-SA-2020-010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}