PT-2023-8885 · Nextcloud+2 · Nextcloud Server+2

Max-Nextcloud

Publicado

2023-11-21

Atualizado

2025-01-24

CVE-2023-48302

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 25.0.0 through 25.0.12 Nextcloud Server versions 26.0.0 through 26.0.7 Nextcloud Server versions 27.0.0 through 27.1.2

Description The issue is related to the rendering of HTML code without markup when a user copy-pastes it using Ctrl+Shift+V. This can lead to cross-site scripting (XSS) attacks.

Recommendations For Nextcloud Server versions 25.0.0 through 25.0.12, update to version 25.0.13 or later. For Nextcloud Server versions 26.0.0 through 26.0.7, update to version 26.0.8 or later. For Nextcloud Server versions 27.0.0 through 27.1.2, update to version 27.1.3 or later. As a temporary workaround, consider disabling the app text until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2023-7785

ALT-PU-2023-7786

ALT-PU-2024-1230

ALT-PU-2025-1855

BDU:2024-02548

CVE-2023-48302

GHSA-P7G9-X25M-4H87

Produtos afetados

Alt Linux

Nextcloud Server

Red Os

PT-2023-8885 · Nextcloud+2 · Nextcloud Server+2

CVE-2023-48302

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10