A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. References: https://hackerone.com/reports/685552
External References: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027
Created nextcloud tracking bugs for this issue: Affects: epel-7 [bug 1871763] Affects: fedora-all [bug 1871761] Created nextcloud-client tracking bugs for this issue: Affects: epel-7 [bug 1871764] Affects: fedora-all [bug 1871762]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.