Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3763 | 1 Nextcloud | 1 Calendar | 2023-02-28 | 3.5 LOW | 4.8 MEDIUM |
| In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | |||||
| CVE-2022-24838 | 1 Nextcloud | 1 Calendar | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the `RCPT TO:<BOOKING USER'S EMAIL> ` SMTP command and begin injecting arbitrary SMTP commands. It is recommended that Calendar is upgraded to 3.2.2. There are no workaround available. | |||||