CVE-2023-23942

🗓️ 06 Feb 2023 21:09:15Reported by [email protected]Type

The Nextcloud Desktop Client prior to 3.6.3 allows javascript injection via unsanitized qml label

Reporter	Title	Published	Views	Family All 14
CVE	CVE-2023-23942	6 Feb 202321:15	–	cve
UbuntuCve	CVE-2023-23942	6 Feb 202300:00	–	ubuntucve
AlpineLinux	CVE-2023-23942	6 Feb 202321:15	–	alpinelinux
Nextcloud	Self reflected HTML injection in Desktop client	6 Feb 202309:46	–	nextcloud
Prion	Design/Logic Flaw	6 Feb 202321:15	–	prion
Vulnrichment	CVE-2023-23942 Self reflected HTML injection in Desktop client	6 Feb 202320:23	–	vulnrichment
OSV	CVE-2023-23942	6 Feb 202321:15	–	osv
Cvelist	CVE-2023-23942 Self reflected HTML injection in Desktop client	6 Feb 202320:23	–	cvelist
Veracode	Cross-site Scripting (XSS)	10 Feb 202317:25	–	veracode
Debian CVE	CVE-2023-23942	6 Feb 202321:15	–	debiancve

Nvd

Node

nextcloud desktopRange<3.6.3

Source	Link
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg
hackerone	www.hackerone.com/reports/1788598
github	www.github.com/nextcloud/desktop/pull/5233

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Feb 2023 21:15Current

6Medium risk

Vulners AI Score6

CVSS36.1

EPSS0.00509

CWE-79