cvelist | GitHub_M | CVELIST:CVE-2024-22213
History: Jan 18, 2024 - 7:11 p.m.

CVE-2024-22213 Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

2024-01-18 19:11:40
CWE-79
GitHub_M
www.cve.org
cve-2024-22213
cross-site scripting
nextcloud
deck app
html
comment
browser
upgrade
vulnerability

CVSS3: 0

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N

EPSS: 0.001
Percentile: 20.0%

Deck is a kanban-style organization tool aimed at personal planning and project organization for teams, integrated with Nextcloud. In affected versions, users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that Nextcloud Deck be upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 1.9.0, < 1.9.5",
        "status": "affected"
      },
      {
        "version": ">= 1.10.0, < 1.11.2",
        "status": "affected"
      }
    ]
  }
]
