Lucene search
+L

202 matches found

Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.5 views

PT-2023-18524 · Nextcloud · Nextcloud Desktop Client

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, allowing an attacker to make a user send any POST request with an arbitrary body if they click o...

8.8CVSS8.6AI score0.00204EPSS
Exploits0References7
Veracode
Veracode
added 2022/12/05 5:27 a.m.27 views

Cross-site Scripting (XSS)

nextcloud-desktop is vulnerable to cross-site scripting. The vulnerability exists in ApplicationWindow function of Window.qml due to incorrectly neutralizes user-controllable input which allows an attacker to inject and execute malicious JavaScript...

5.4CVSS5.4AI score0.00918EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/12/05 5:26 a.m.29 views

Cross-site Scripting (XSS)

nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application through the notifications...

5.4CVSS5.5AI score0.00897EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/11/25 8:15 p.m.4 views

DEBIAN-CVE-2022-39333

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

6.1CVSS6.3AI score0.00915EPSS
Exploits1References1
OSV
OSV
added 2022/11/25 8:15 p.m.1 views

DEBIAN-CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4CVSS5.7AI score0.00918EPSS
Exploits1References1
OSV
OSV
added 2022/11/25 8:15 p.m.5 views

UBUNTU-CVE-2022-39333

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

6.1CVSS5.8AI score0.00915EPSS
Exploits1References5
OSV
OSV
added 2022/11/25 8:15 p.m.2 views

UBUNTU-CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4CVSS5.8AI score0.00918EPSS
Exploits1References2
OSV
OSV
added 2022/11/25 7:15 p.m.7 views

DEBIAN-CVE-2022-39331

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

5.4CVSS5.7AI score0.00897EPSS
Exploits1References1
OSV
OSV
added 2022/11/25 7:15 p.m.5 views

UBUNTU-CVE-2022-39331

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

5.4CVSS5.8AI score0.00897EPSS
Exploits1References2
Nextcloud
Nextcloud
added 2022/11/25 11:32 a.m.37 views

nextcloudcmd incorrectly trusts bad TLS certificates

None...

4.7CVSS4.7AI score0.00201EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.4 views

CVE-2022-39333 Cross-site scripting (XSS) in Nextcloud Desktop Client

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

4.6CVSS6.1AI score0.00915EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.8 views

CVE-2022-39331 Cross-site Scripting (XSS) in Nexcloud Desktop Client

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

4.6CVSS7.1AI score0.00897EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/11/25 12:0 a.m.5 views

CVE-2022-39332 Cross-site scripting (XSS) in Nextcloud Desktop Client

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

4.6CVSS7.2AI score0.00918EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.6 views

PT-2022-24905 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. Recommendations: For versions prior to 3.6.1, upgrad...

8.8CVSS6AI score0.04698EPSS
Exploits10References53
Cvelist
Cvelist
added 2022/11/25 12:0 a.m.34 views

CVE-2022-39333 Cross-site scripting (XSS) in Nextcloud Desktop Client

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

4.6CVSS6.4AI score0.00915EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.5 views

PT-2022-24904 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. There are no known workarounds for this issue. Recommendations:...

8.8CVSS6AI score0.04698EPSS
Exploits10References52
OSV
OSV
added 2022/11/11 7:15 p.m.3 views

DEBIAN-CVE-2022-41882

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...

7.8CVSS7.2AI score0.00466EPSS
Exploits0References1
OSV
OSV
added 2022/11/11 7:15 p.m.21 views

UBUNTU-CVE-2022-41882

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...

7.8CVSS5.7AI score0.00466EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/11/11 12:0 a.m.3 views

CVE-2022-41882 Nextcloud Desktop vulnerable to code injection via malicious link

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...

6.6CVSS7.6AI score0.00466EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.6 views

Nextcloud 代码注入漏洞

A security vulnerability exists in Nextcloud Desktop Client, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that its desktop client could be tricked into opening/executing local files when clicking o...

7.8CVSS6.6AI score0.00466EPSS
Exploits0References5
Rows per page
Query Builder