CVE-2022-39331Cross-site Scripting in Security-advisories

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
CNA4.6
EPSS
0.4%
top 39.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Desktop
Timeline
PublishedNov 25

Description

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDnextcloud/desktop< 3.6.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
CVEList
Cross-site Scripting (XSS) in Nexcloud Desktop Client2022-11-25
OSV
CVE-2022-39331: Nexcloud desktop is the Desktop sync client for Nextcloud2022-11-25

📋Vendor Advisories

1
Debian
CVE-2022-39331: nextcloud-desktop - Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can injec...2022
CVE-2022-39331 — Cross-site Scripting | cvebase