CVE-2023-23942 Self reflected HTML injection in Desktop client

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

CVE-2023-23943

The CVE-2023-23943 entry affects Nextcloud Mail. Affected: Nextcloud Mail app; issue: insufficient validation of incoming requests in the smtpHost/server URL input allows blind SSRF to scan internal/local-network services; impact: documented as enabling discovery of internal services reachable fr...

CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app

Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...

CVE-2023-23944

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

Design/Logic Flaw

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

CVE-2023-23944 Nexcloud Mail app temporarily stores cleartext password in database

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

CVE-2023-23944

Nextcloud Mail app (for Nextcloud server) stored user passwords in cleartext in the database during the OAuth2 setup procedure in versions prior to 2.2.2. An attacker with database access could read these passwords until OAuth setup completes. Remediation: upgrade the Nextcloud Mail app to versio...

CVE-2023-23944 Nexcloud Mail app temporarily stores cleartext password in database

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

CVE-2023-23944 Nexcloud Mail app temporarily stores cleartext password in database

Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user...

Mail app temporarily stores cleartext password in database until OAuth2 setup is done

None...

Blind SSRF via server URL input in the Nextcloud Mail app

None...

Self reflected HTML injection in Desktop client

None...

PT-2023-19313 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.6.3 Description: The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on qml labels used for basic HTML elements such a...

Nextcloud 代码问题漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's...

Nextcloud 安全漏洞

An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...

Nextcloud 跨站脚本漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Desktop Client versions prior to 3.6.3, which stems from a lack of cleanup of qml tags, leading to...