Nextcloud Notes vulnerabilities

CVE-2024-37317 [MEDIUM] CWE-284 CVE-2024-37317: The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.

CVE-2023-39955 [MEDIUM] CWE-79 CVE-2023-39955: Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 a Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.