Lucene search

CVE-2022-39332

🗓️ 25 Nov 2022 20:10:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 63 Views

Nexcloud desktop sync client allows arbitrary HTML injection via user status. Upgrade to 3.6.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 14
Prion	Design/Logic Flaw	25 Nov 202220:15	–	prion
OSV	CVE-2022-39332	25 Nov 202220:15	–	osv
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2022-39332	5 Mar 202500:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0171-1)	11 Jul 202300:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0090-1)	13 Apr 202300:00	–	nessus
Veracode	Cross-site Scripting (XSS)	5 Dec 202205:27	–	veracode
Debian CVE	CVE-2022-39332	25 Nov 202220:15	–	debiancve
Cvelist	CVE-2022-39332 Cross-site scripting (XSS) in Nextcloud Desktop Client	25 Nov 202200:00	–	cvelist
UbuntuCve	CVE-2022-39332	25 Nov 202200:00	–	ubuntucve
Nextcloud	XSS in Desktop Client via user status and information	25 Nov 202211:30	–	nextcloud

Nvd

Vulners

Node

nextcloud desktopRange<3.6.1

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": "< 3.6.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nextcloud/desktop/pull/4972
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
hackerone	www.hackerone.com/reports/1707977

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Nov 2022 20:15Current

5Medium risk

Vulners AI Score5

CVSS34.6 - 5.4

EPSS0.00261

CWE-79