Lucene search
GitHub_MCVELIST:CVE-2021-32733HistoryJul 12, 2021 - 9:05 p.m.
CVE-2021-32733 XSS in Nextcloud Text application
2021-07-1221:05:12
CWE-79
GitHub_M
raw.githubusercontent.com
1
Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present in versions prior to 19.0.13, 20.0.11, and 21.0.3. The Nextcloud Text application shipped with Nextcloud server used a text/html Content-Type when serving files to users. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, use a browser that has support for Content-Security-Policy.
Related
prion
prion
Cross site scripting
2021-07-12 21:15:00
osv
osv
CVE-2021-32733
2021-07-12 21:15:07
hackerone
hackerone
cve
cve
CVE-2021-32733
2021-07-12 21:15:00
nextcloud
nextcloud
XSS in Nextcloud Text application
2021-07-12 09:23:16
archlinux
archlinux
[ASA-202107-22] nextcloud: multiple issues
2021-07-14 00:00:00
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (Jul 2021)
2021-07-16 00:00:00