CVE-2021-32782Cross-site Scripting in Security-advisories

CWE-79Cross-site Scripting2 documents2 sources
Severity
5.4MEDIUMNVD
CNA5.8
EPSS
0.4%
top 41.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Circles
Timeline
PublishedSep 7

Description

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDnextcloud/circles0.20.00.20.10+2
CVEListV5nextcloud/security-advisories< 0.19.1+2

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Cross-Site Scripting in Nextcloud Circles2021-09-07
CVE-2021-32782 — Cross-site Scripting | cvebase