Nextcloud · Nextcloud Calendar · CVE-2024-37316
**Name of the Vulnerable Software and Affected Versions**
Nextcloud Calendar versions prior to 4.6.8
Nextcloud Calendar versions prior to 4.7.2
**Description**
The issue allows authenticated users to create an event with manipulated attachment data, leading to a bad redirect for participants when clicked.
**Recommendations**
For versions prior to 4.6.8, upgrade to version 4.6.8.
For versions prior to 4.7.2, upgrade to version 4.7.2.