Releases110
Frequency3 weeks 2 days
Last Release
Stars373
๐Ÿ“ Simple form & survey app for Nextcloud

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
>= 4.3.0, < 5.2.75.3 MEDIUMโ€”

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had results access. This issue has been patched in version 5.2.7.

โ€”6.5 MEDIUMโ€”

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6.

< 1.2.1, >= 1.3.0, < 1.3.25.3 MEDIUM5 MEDIUM

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.