Weakness: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
This section is open source, for any additional information that enhances or clarifies the official advisory above.
Exploits for CVE-2020-8294 are not publicly available.
Nextcloud: Stored XSS in markdown file with Nextcloud Talk using Internet Explorer
submitted by verg 3 months ago
publicly disclosed 9 days ago