PT-2022-24904 · Nextcloud+2 · Nextcloud Desktop Client+2

B911Bade858Ce8E6A0F50F8

Published

2022-11-25

Updated

2025-09-18

CVE-2022-39331

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop client versions prior to 3.6.1

Description An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. There are no known workarounds for this issue.

Recommendations For versions prior to 3.6.1, upgrade the Nextcloud Desktop client to 3.6.1 to resolve the issue. As a temporary workaround, consider restricting the display of notifications in the Desktop Client application until the upgrade is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2023-2019

ALT-PU-2023-4584

ALT-PU-2023-5197

CVE-2022-39331

DLA-4303-1

GHSA-C3XH-Q694-6RC5

OPENSUSE-SU-2023:0090-1

OPENSUSE-SU-2023:0171-1

Affected Products

Alt Linux

Debian

Nextcloud Desktop Client

PT-2022-24904 · Nextcloud+2 · Nextcloud Desktop Client+2

CVE-2022-39331

Weakness Enumeration

Related Identifiers

Affected Products

References · 29