5 matches found
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0171-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0171-1 advisory. - Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client...
CVE-2023-23942
CVE-2023-23942 affects the Nextcloud Desktop Client prior to 3.6.3. The issue is a lack of sanitisation on qml labels used for basic HTML elements (e.g., strong, em, head) in the UI, which may allow JavaScript injection. Affected versions:
CVE-2023-23942 Self reflected HTML injection in Desktop client
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...