Cross-site Scripting (XSS)

2022-12-0505:26:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

xss

nextcloud-desktop

desktop client

application

notifications

software

EPSS

0.001

Percentile

26.4%

JSON

nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application through the notifications

References

github.com/nextcloud/desktop/pull/4944

github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5

hackerone.com/reports/1668028

security-tracker.debian.org/tracker/CVE-2022-39331

EPSS

0.001

Percentile

26.4%

JSON

Related for VERACODE:38332