PT-2022-24905 · Nextcloud+2 · Nextcloud Desktop Client+2

B911Bade858Ce8E6A0F50F8

Published

2022-11-25

Updated

2025-09-18

CVE-2022-39332

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop client versions prior to 3.6.1

Description An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information.

Recommendations For versions prior to 3.6.1, upgrade the Nextcloud Desktop client to 3.6.1. As a temporary workaround, consider restricting user input for status and information to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2023-2019

ALT-PU-2023-4584

ALT-PU-2023-5197

CVE-2022-39332

DLA-4303-1

GHSA-Q9F6-4R6R-H74P

OPENSUSE-SU-2023:0090-1

OPENSUSE-SU-2023:0171-1

Affected Products

Alt Linux

Debian

Nextcloud Desktop Client

PT-2022-24905 · Nextcloud+2 · Nextcloud Desktop Client+2

CVE-2022-39332

Weakness Enumeration

Related Identifiers

Affected Products

References · 30