Lucene search
K

4 matches found

NVD
NVD
added 2022/11/25 7:15 p.m.34 views

CVE-2022-39338

useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

5.4CVSS0.00583EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/25 12:0 a.m.32 views

CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc

useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

3.5CVSS5.4AI score0.00583EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.5 views

CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc

useroidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery urls which may lead to a stored cross site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

3.5CVSS5.2AI score0.00583EPSS
Exploits0References3
CVE
CVE
added 2022/11/25 12:0 a.m.67 views

CVE-2022-39338

CVE-2022-39338 concerns Nextcloud’s user_oidc OpenID Connect backend. Connected sources confirm the issue is a stored XSS vulnerability caused by improper validation of discovery URLs in versions prior to 1.2.1, with exploitation demonstrated specifically in Safari (workarounds and CSP limitation...

5.4CVSS4.4AI score0.00583EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder