New advisories

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

4 files changed, 90 insertions, 0 deletions

diff --git a/advisories/advisories.rss b/advisories/advisories.rss
index 0eee2deb..b9fb22a5 100644
--- a/advisories/advisories.rss
+++ b/advisories/advisories.rss
@@ -5,6 +5,18 @@
  <link>https://nextcloud.com/security/advisories/</link>
  <description>The Nextcloud security advisories as a RSS feed</description>
  <ttl>1800</ttl><item>
+  <title>Talk App: Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</title>
+  <description>&lt;p&gt;A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-009&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+  <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-009</link>
+  <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-009</guid>
+  <pubDate>Fri, 10 Aug 2018 14:00:00 +0200</pubDate>
+ </item><item>
+  <title>Server: Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</title>
+  <description>&lt;p&gt;A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-008&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
+  <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-008</link>
+  <guid isPermaLink="true">https://nextcloud.com/security/advisory/?id=nC-SA-2018-008</guid>
+  <pubDate>Fri, 10 Aug 2018 14:00:00 +0200</pubDate>
+ </item><item>
   <title>Server: Bypass of 2 Factor Authentication (NC-SA-2018-007)</title>
   <description>&lt;p&gt;Improper authentication of the second factor challenge would allow an attacker that had access to user credentials to bypass the second factor validation completely.&lt;/p&gt;&lt;br/&gt;&lt;hr/&gt;&lt;p&gt;&lt;strong&gt;&lt;a href=&quot;https://nextcloud.com/security/advisory/?id=nC-SA-2018-007&quot;&gt;For more information please consult the official advisory.&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description>
   <link>https://nextcloud.com/security/advisory/?id=nC-SA-2018-007</link>
diff --git a/advisories/full-list.php b/advisories/full-list.php
index dabe9220..c8b33ae3 100644
--- a/advisories/full-list.php
+++ b/advisories/full-list.php
@@ -2,6 +2,16 @@
 
 <h2>2018</h2>
 
+<h3>Nextcloud Server 13.0.5</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2018-008">Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</a> 2018-08-10</li>
+</ul>
+
+<h3>Talk App 3.2.5</h3>
+<ul>
+	<li><a href="/security/advisory/?id=NC-SA-2018-009">Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</a> 2018-08-10</li>
+</ul>
+
 <h3>Nextcloud Server 12.0.3</h3>
 <ul>
 	<li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li>
diff --git a/advisories/nc-sa-2018-008.php b/advisories/nc-sa-2018-008.php
new file mode 100644
index 00000000..f785c6f9
--- /dev/null
+++ b/advisories/nc-sa-2018-008.php
@@ -0,0 +1,34 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+    <h1>Security Advisory</h1>
+    <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        <h2>Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</h2>
+        <p>10th August 2018</p>
+        <p>Risk level: <strong>Low</strong></p>
+        <p>CVSS v3 Base Score: 2.1 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N</a>)</p>
+        <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+        
+        <h3>Description</h3>
+        <p><p>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.</p>
+</p>
+        <h3>Affected Software</h3>
+        <ul>
+            <li>Nextcloud Server &lt; <strong>13.0.5</strong> (CVE assignment pending)</li>
+
+        </ul>
+        <h3>Action Taken</h3>
+        <p><p>The error has been fixed.</p>
+</p>
+        <h3>Acknowledgements</h3>
+        <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+        <ul>
+            <li>Joas Schilling - Nextcloud GmbH (coding@schilljs.com) - Vulnerability discovery and disclosure.</li>
+        </ul>
+        <br/>
+        <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+    </div>
+</div>
diff --git a/advisories/nc-sa-2018-009.php b/advisories/nc-sa-2018-009.php
new file mode 100644
index 00000000..0b53bd7b
--- /dev/null
+++ b/advisories/nc-sa-2018-009.php
@@ -0,0 +1,34 @@
+<div class="row page-content-header">
+<div class="col-md-4">
+    <h1>Security Advisory</h1>
+    <a href="/security/advisories/">Back to advisories</a>
+</div>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        <h2>Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</h2>
+        <p>10th August 2018</p>
+        <p>Risk level: <strong>Low</strong></p>
+        <p>CVSS v3 Base Score: 2.1 (<a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N">AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N</a>)</p>
+        <p>CWE: <a href="https://cwe.mitre.org/data/definitions/79.html">Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</a></p>
+        
+        <h3>Description</h3>
+        <p><p>A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.</p>
+</p>
+        <h3>Affected Software</h3>
+        <ul>
+            <li>Nextcloud Talk &lt; <strong>3.2.5</strong> (CVE assignment pending)</li>
+
+        </ul>
+        <h3>Action Taken</h3>
+        <p><p>The error has been fixed.</p>
+</p>
+        <h3>Acknowledgements</h3>
+        <p>The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:</p>
+        <ul>
+            <li>Joas Schilling - Nextcloud GmbH (coding@schilljs.com) - Vulnerability discovery and disclosure.</li>
+        </ul>
+        <br/>
+        <small style="color:grey">This advisory is licensed <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA 4.0</a>.</small>
+    </div>
+</div>