Max-Nextcloud

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions 25.0.0 through 25.0.12 Nextcloud Server versions 26.0.0 through 26.0.7 Nextcloud Server versions 27.0.0 through 27.1.2 **Description** The issue is related to the rendering of HTML code without markup when a user copy-pastes it using Ctrl+Shift+V. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For Nextcloud Server versions 25.0.0 through 25.0.12, update to version 25.0.13 or later. For Nextcloud Server versions 26.0.0 through 26.0.7, update to version 26.0.8 or later. For Nextcloud Server versions 27.0.0 through 27.1.2, update to version 27.1.3 or later. As a temporary workaround, consider disabling the app text until a patch is available.