4 matches found
CVE-2022-39338
useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...
CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc
useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...
CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc
useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...
CVE-2022-39338
CVE-2022-39338 concerns Nextcloud’s user_oidc OpenID Connect backend. Connected sources confirm the issue is a stored XSS vulnerability caused by improper validation of discovery URLs in versions prior to 1.2.1, with exploitation demonstrated specifically in Safari (workarounds and CSP limitation...