
4992 matches found

NVD
added 2023/02/08 8:15 p.m., 29 views

CVE-2023-25150

Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8 CVSS, 5.6 AI score, 0.00735 EPSS
Exploits 0, References 3

Prion
added 2023/02/08 8:15 p.m., 20 views

Design/Logic Flaw

Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

3.5 CVSS, 5.5 AI score, 0.00735 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/02/08 7:15 p.m., 29 views

CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users

Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8 CVSS, 5.8 AI score, 0.00735 EPSS
Exploits 0, References 3

OSV
added 2023/02/08 7:15 p.m., 35 views

CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users

Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8 CVSS, 5.5 AI score, 0.00735 EPSS
Exploits 0, References 5

CVE
added 2023/02/08 7:15 p.m., 93 views

CVE-2023-25150

CVE-2023-25150 corresponds to an access control flaw in Nextcloud Office (Collabora Integration): the Collabora integration can be tricked into providing access to other users’ files without proper permission validation. Affected are Nextcloud Office/Collabora Integration versions prior to 7.0.2 ...

5.8 CVSS, 5.5 AI score, 0.00735 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2023/02/08 7:15 p.m., 7 views

CVE-2023-25150 Document content of files can be obtained through Collabora for files of other users

Nextcloud office/richdocuments is an office suite for the Nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8 CVSS, 5.8 AI score, 0.00735 EPSS
Exploits 0, References 3

Nextcloud
added 2023/02/08 2:35 p.m., 76 views

Document content of files can be obtained through Collabora for files of other users

None...

5.8 CVSS, 5.7 AI score, 0.00735 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2023/02/08 12:0 a.m., 2 views

Nextcloud Access Control Error Vulnerability

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud office/richdocuments, which stems from the ability to spoof the Collabora integration so that permission...

5.8 CVSS, 5.8 AI score, 0.00735 EPSS
Exploits 0, References 4

CNVD
added 2023/02/08 12:0 a.m., 34 views

Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...

6.5 CVSS, 1.1 AI score, 0.00475 EPSS
Exploits 0, References 1

Positive Technologies
added 2023/02/08 12:0 a.m., 4 views

PT-2023-19940 · Nextcloud · Nextcloud Office

Name of the Vulnerable Software and Affected Versions: Nextcloud Office versions prior to 7.0.2; Nextcloud Office versions prior to 6.3.2; Nextcloud Office versions prior to 5.0.10; Nextcloud Office versions prior to 4.2.9; Nextcloud Office versions prior to 3.8.7. Description: The Collabora integrati...

5.8 CVSS, 5.4 AI score, 0.00735 EPSS
Exploits 0, References 5

NVD
added 2023/02/06 9:15 p.m., 25 views

CVE-2023-23943

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is...

5 CVSS, 4.9 AI score, 0.00919 EPSS
Exploits 1, References 5

NVD
added 2023/02/06 9:15 p.m., 31 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1 CVSS, 6 AI score, 0.00657 EPSS
Exploits 0, References 3

OSV
added 2023/02/06 9:15 p.m., 3 views

DEBIAN-CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1 CVSS, 6.1 AI score, 0.00657 EPSS
Exploits 0, References 1

Prion
added 2023/02/06 9:15 p.m., 11 views

Design/Logic Flaw

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is...

3.3 CVSS, 4.4 AI score, 0.00919 EPSS
Exploits 1, References 5, Affected Software 1

UbuntuCve
added 2023/02/06 9:15 p.m., 33 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1 CVSS, 6.3 AI score, 0.00657 EPSS
Exploits 0, References 4

Prion
added 2023/02/06 9:15 p.m., 19 views

Design/Logic Flaw

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.8 CVSS, 6.3 AI score, 0.00657 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2023/02/06 9:15 p.m., 1 views

UBUNTU-CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1 CVSS, 5.8 AI score, 0.00657 EPSS
Exploits 0, References 5

Cvelist
added 2023/02/06 8:23 p.m., 36 views

CVE-2023-23942 Self reflected HTML injection in Desktop client

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.4 CVSS, 6.6 AI score, 0.00657 EPSS
Exploits 0, References 3

CVE
added 2023/02/06 8:23 p.m., 94 views

CVE-2023-23942

CVE-2023-23942 affects the Nextcloud Desktop Client prior to 3.6.3. The issue is a lack of sanitisation on qml labels used for basic HTML elements (e.g., strong, em, head) in the UI, which may allow JavaScript injection. Affected versions:

6.1 CVSS, 5.9 AI score, 0.00657 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2023/02/06 8:23 p.m., 9 views

CVE-2023-23942 Self reflected HTML injection in Desktop client

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.4 CVSS, 6.3 AI score, 0.00657 EPSS
Exploits 0, References 3