MikeisastarH1:1707977Nextcloud: XSS in Desktop Client via user status and information
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
17.6%
Summary:
The Nextcloud Desktop Client application does not properly neutralize the Full Name and Status Message of users before using them.
Steps To Reproduce:
Server Machine:
- Install the
Nextcloud Serverapplication - Log into your account
- Navigate to your profile page
- Set the
Full Nameof your user to<img src="https://avatars.githubusercontent.com/u/99037623"> - Set the
Status Messageof your user to<img src="https://avatars.githubusercontent.com/u/99037623">
Client Machine:
- Install the
Nextcloud Desktop Clientapplication onto a machine that is running theWindows 10operating system - Log into your account
- Open the main dialog window of the
Nextcloud Desktop Clientapplication - Observe that the
Full NameandStatus Messageof your user are treated asHyperText Markup Language
Supporting Material/References:
{F1945608}
Impact
An attacker can inject arbitrary HyperText Markup Language into the Nextcloud Desktop Client application.
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
17.6%