Lucene search
China National Vulnerability DatabaseCNVD-2023-64380HistoryAug 14, 2023 - 12:00 a.m.
Nextcloud Notes Cross-Site Scripting Vulnerability
2023-08-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
nextcloud
xss
vulnerability
versions
cross-site scripting
attack
html
preview
EPSS
0.001
Percentile
23.8%
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Notes version 4.4.0 up to and including 4.8.0, which stems from the fact that when a notes file is created using HTML, the content is rendered in a preview instead of the file being offered for download. An attacker could exploit this vulnerability to cause a cross-site scripting attack.
Related
nextcloud
nextcloud
Notes attachment render HTML in preview mode
2023-08-10 07:11:01
hackerone
hackerone
Nextcloud: Notes attachments render HTML in preview mode
2023-03-29 19:40:30
prion
prion
Design/Logic Flaw
2023-08-10 15:15:00
nvd
nvd
CVE-2023-39955
2023-08-10 15:15:09
cve
cve
CVE-2023-39955
2023-08-10 15:15:09
osv
osv
CVE-2023-39955
2023-08-10 15:15:09
cvelist
cvelist
CVE-2023-39955 Notes attachment render HTML in preview mode
2023-08-10 14:53:42