CVE-2023-39955
Nextcloud Notes (for Nextcloud) is affected. A cross-site scripting issue exists in Notes versions 4.4.0 through 4.8.0 where creating a note file with HTML causes the content to render in the preview instead of offering the file for download. The issue is fixed in Notes 4.8.0. No workarounds are ...