3 matches found
CVE-2022-24838
The CVE-2022-24838 issue affects Nextcloud Calendar (the calendar app for Nextcloud). The vulnerability arises because newlines and special characters in the email value within the JSON request are not sanitized, allowing an attacker to break out of the SMTP command RCPT TO: and inject arbitrary ...
CVE-2023-33183
Summary: CVE-2023-33183 affects the Nextcloud Calendar app. An issue disclosed internal website paths when the SMTP server is unavailable, enabling information disclosure. Affected versions (Calendar app): prior to 3.5.5 and prior to 4.2.3. Impact (per sources): exposure of internal paths; limite...
CVE-2018-3763
Nextcloud Calendar versions prior to 1.5.8 and 1.6.1 contain a stored XSS in the calendar autocomplete search results for group names. The vulnerability arises from missing sanitization of search results, and exploitation is limited to privileged users (admins/group admins) crafting malicious res...