CVE-2024-37317

The CVE-2024-37317 issue affects Nextcloud Notes: if an attacker shares a folder named Notes/ with a newly created user before login, the Notes app may store personal notes in that folder. This is tied to versions prior to 4.9.3. Exploitation status is not detailed in the provided documents. Reme...

CVE-2023-39955

Nextcloud Notes (for Nextcloud) is affected. A cross-site scripting issue exists in Notes versions 4.4.0 through 4.8.0 where creating a note file with HTML causes the content to render in the preview instead of offering the file for download. The issue is fixed in Notes 4.8.0. No workarounds are ...