B911Bade858Ce8E6A0F50F8

#16679of 53,633
16.1Total CVSS
Vulnerabilities · 3
Medium
3
PT-2022-24904
4.6
2022-11-25
Nextcloud · Nextcloud Desktop Client · CVE-2022-39331
**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop client versions prior to 3.6.1 **Description** An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. There are no known workarounds for this issue. **Recommendations** For versions prior to 3.6.1, upgrade the Nextcloud Desktop client to 3.6.1 to resolve the issue. As a temporary workaround, consider restricting the display of notifications in the Desktop Client application until the upgrade is applied.
PT-2022-24905
5.4
2022-11-25
Nextcloud · Nextcloud Desktop Client · CVE-2022-39332
**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop client versions prior to 3.6.1 **Description** An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. **Recommendations** For versions prior to 3.6.1, upgrade the Nextcloud Desktop client to 3.6.1. As a temporary workaround, consider restricting user input for status and information to minimize the risk of exploitation.
PT-2022-24906
6.1
2022-11-25
Nextcloud · Nextcloud Desktop Client · CVE-2022-39333
**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop client versions prior to 3.6.1 **Description** An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. There are no known workarounds for this issue. **Recommendations** For versions prior to 3.6.1, upgrade the Nextcloud Desktop client to 3.6.1 to resolve the issue.