CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.9 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS: 0.001 Low
Percentile: 17.6%

The Nextcloud Desktop Client application does not properly neutralize the Full Name and Status Message of users before using them.

Nextcloud Server application
Full Name of your user to <img src="https://avatars.githubusercontent.com/u/99037623">
Status Message of your user to <img src="https://avatars.githubusercontent.com/u/99037623">
Nextcloud Desktop Client application onto a machine that is running the Windows 10 operating system
Nextcloud Desktop Client application
Full Name and Status Message of your user are treated as HyperText Markup Language

{F1945608}

An attacker can inject arbitrary HyperText Markup Language into the Nextcloud Desktop Client application.
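
The class of bug described above, shown as an added example that is not code from the report or from the Nextcloud project: server-controlled profile fields concatenated into rich text, next to the same rendering with output encoding. The function names, the `<b>`/`<i>` template and the tag-count check are assumptions made for illustration; in a Qt UI the equivalent fix is to display the field as plain text (`Qt::PlainText`) or pass it through `QString::toHtmlEscaped()`.

```cpp
#include <iostream>
#include <string>

// Constructed sample input: the value the report uses for Full Name / Status Message.
static const std::string kSampleField =
    "<img src=\"https://avatars.githubusercontent.com/u/99037623\">";

// Encode the characters that let text become markup or break out of an attribute.
std::string escape_html(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Vulnerable pattern: profile fields enter the rich-text string unmodified.
std::string render_user_line_unsafe(const std::string& full_name, const std::string& status) {
    return "<b>" + full_name + "</b> <i>" + status + "</i>";
}

// Hardened pattern: each field is encoded at the point where it enters the markup.
std::string render_user_line_safe(const std::string& full_name, const std::string& status) {
    return "<b>" + escape_html(full_name) + "</b> <i>" + escape_html(status) + "</i>";
}

// Regression check: the hypothetical template contributes exactly 4 tags
// (<b>, </b>, <i>, </i>); any more means a field was interpreted as markup.
int count_tags(const std::string& markup) {
    int n = 0;
    for (char c : markup) if (c == '<') ++n;
    return n;
}

int main() {
    std::cout << "unsafe: " << render_user_line_unsafe(kSampleField, kSampleField) << "\n"
              << "safe:   " << render_user_line_safe(kSampleField, kSampleField) << "\n"
              << "tags unsafe/safe: "
              << count_tags(render_user_line_unsafe(kSampleField, kSampleField)) << "/"
              << count_tags(render_user_line_safe(kSampleField, kSampleField)) << "\n";
}
```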