4991 matches found
PT-2022-24906 · Nextcloud +2 · Nextcloud Desktop Client +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. There are no known workarounds for this issue. Recommendations: For versions prior t...
PT-2022-24904 · Nextcloud +2 · Nextcloud Desktop Client +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. There are no known workarounds for this issue. Recommendations:...
CVE-2022-39338
CVE-2022-39338 concerns Nextcloud’s user_oidc OpenID Connect backend. Connected sources confirm the issue is a stored XSS vulnerability caused by improper validation of discovery URLs in versions prior to 1.2.1, with exploitation demonstrated specifically in Safari (workarounds and CSP limitation...
Nextcloud resource management error vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A resource management error vulnerability exists in Nextcloud Server that stems from not properly restricting a user's display name, which could allow a...
Nextcloud security vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud user_oidc 1.2.1, which stems from the fact that sensitive information such as OIDC client...
CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc
user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery URLs, which may lead to a stored cross-site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...
CVE-2022-39346 Missing length validation of user displayname in nextcloud server
Nextcloud server is an open source personal cloud server. Affected versions of Nextcloud server did not properly limit user display names, which could allow a malicious user to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to...
CVE-2022-39333 Cross-site scripting (XSS) in Nextcloud Desktop Client
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...
Nextcloud Talk security vulnerability
Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A security vulnerability exists in versions prior to Nextcloud Talk 14.1.0 that stems from the receiver not being protected by broadcastPermission, allowing malicious applications to monitor...
CVE-2022-39331
CVE-2022-39331 affects the Nextcloud desktop client. An attacker can inject arbitrary HTML into the Desktop Client notifications due to insufficient input sanitisation. Public advisories (OpenSUSE/OpenSUSE SU, Debian LTS) and the Debian/NVD entries reference this issue, with remediation recommend...
PT-2022-26156 · Nextcloud · Nextcloud Talk Android
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk Android versions prior to 14.1.0 Description: The issue affects the Nextcloud Talk Android, which is the Android OS implementation of the Nextcloud Talk chat system. In affected versions, the receiver is not protected by...
CVE-2022-39331 Cross-site Scripting (XSS) in Nextcloud Desktop Client
Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...
CVE-2022-39346
CVE-2022-39346 affects Nextcloud Server. Affected versions did not properly limit user display names, which could allow a malicious user to overload the backing database and trigger a denial of service. OpenSUSE advisory confirms the issue and attributes exploitation to missing length validation ...
Nextcloud input validation error vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An input validation error vulnerability exists in versions prior to Nextcloud user_oidc 1.2.1, which stems from an endpoint applying a restricted CSP, which...
Nextcloud cross-site scripting vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud desktop versions prior to 3.6.1, which originates from an attacker being able to inject arbitrary...
CVE-2022-39333
CVE-2022-39333 affects the Nextcloud Desktop Client. An attacker can inject arbitrary HTML into the Desktop Client application, enabling potential HTML/JS injection via the UI. Affected software: Nextcloud Desktop client prior to upgrade. Mitigation: upgrade to Nextcloud Desktop version 3.6.1 or ...
Nextcloud trust management issue vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A trust management issue vulnerability exists in versions of Nextcloud desktop prior to 3.6.1, which stems from the possibility of incorrectly trusting invalid TLS...
CVE-2022-41926
CVE-2022-41926 concerns the Nextcloud Talk Android app. The receiver component is not protected by broadcastPermission in affected versions, enabling a malicious app to monitor communication locally. The issue is tied to Nextcloud Talk Android prior to 14.1.0. Remediation in all sources is to upg...
CVE-2022-41926 Nextcloud Talk Android broadcast incorrect permission handling
Nextcloud Talk Android is the Android OS implementation of the Nextcloud Talk chat system. In affected versions the receiver is not protected by broadcastPermission, allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are...
Nextcloud cross-site scripting vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud desktop versions prior to 3.6.1, which originates from an attacker being able to inject arbitrary...