Matuhn

**Name of the Vulnerable Software and Affected Versions** Nextcloud Desktop Client versions prior to 3.6.3 **Description** The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on qml labels used for basic HTML elements such as `strong`, `em`, and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. **Recommendations** For versions prior to 3.6.3, upgrade to version 3.6.3 to resolve the issue. As a temporary workaround, consider restricting the use of qml labels in the desktop client until a patch is available. However, since there are no known workarounds for this issue, upgrading to the recommended version is the best course of action.