EPSS
Percentile
26.4%
nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application through the notifications
github.com/nextcloud/desktop/pull/4944
github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
hackerone.com/reports/1668028
security-tracker.debian.org/tracker/CVE-2022-39331