The Nextcloud Desktop Client
application does not properly neutralize the Full Name
and Status Message
of users before using them.
Nextcloud Server
applicationFull Name
of your user to <img src="https://avatars.githubusercontent.com/u/99037623">
Status Message
of your user to <img src="https://avatars.githubusercontent.com/u/99037623">
Nextcloud Desktop Client
application onto a machine that is running the Windows 10
operating systemNextcloud Desktop Client
applicationFull Name
and Status Message
of your user are treated as HyperText Markup Language
{F1945608}
An attacker can inject arbitrary HyperText Markup Language
into the Nextcloud Desktop Client
application.