Cross-site Scripting (XSS)

2022-12-0505:27:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

nextcloud-desktop

applicationwindow

window.qml

javascript

vulnerability

EPSS

0.001

Percentile

26.4%

JSON

nextcloud-desktop is vulnerable to cross-site scripting. The vulnerability exists in ApplicationWindow function of Window.qml due to incorrectly neutralizes user-controllable input which allows an attacker to inject and execute malicious JavaScript.