Lucene search
Veracode Vulnerability DatabaseVERACODE:39203HistoryFeb 10, 2023 - 5:25 p.m.
Cross-site Scripting (XSS)
2023-02-1017:25:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
nextcloud
cross-site scripting
vulnerable
sanitisation
javascript
EPSS
0.001
Percentile
38.8%
nextcloud-desktop is vulnerable to Cross-site Scripting (XSS) attacks. Missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client, allows an attacker to inject and execute malicious javascript on victim’s browser.
Related
prion
prion
Design/Logic Flaw
2023-02-06 21:15:00
debiancve
debiancve
CVE-2023-23942
2023-02-06 21:15:09
nvd
nvd
CVE-2023-23942
2023-02-06 21:15:09
ubuntucve
ubuntucve
CVE-2023-23942
2023-02-06 00:00:00
cve
cve
CVE-2023-23942
2023-02-06 21:15:09
alpinelinux
alpinelinux
CVE-2023-23942
2023-02-06 21:15:09
nextcloud
nextcloud
Self reflected HTML injection in Desktop client
2023-02-06 09:46:48
osv
osv
CVE-2023-23942
2023-02-06 21:15:09
cvelist
cvelist
CVE-2023-23942 Self reflected HTML injection in Desktop client
2023-02-06 20:23:06
openvas
openvas
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)
2024-03-04 00:00:00
nessus
nessus
openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0171-1)
2023-07-11 00:00:00
openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0090-1)
2023-04-13 00:00:00