PT-2022-24906 · Nextcloud+2 · Nextcloud Desktop Client+2

B911Bade858Ce8E6A0F50F8

Published

2022-11-25

Updated

2025-09-18

CVE-2022-39333

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop client versions prior to 3.6.1

Description An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. There are no known workarounds for this issue.

Recommendations For versions prior to 3.6.1, upgrade the Nextcloud Desktop client to 3.6.1 to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2023-2019

ALT-PU-2023-4584

ALT-PU-2023-5197

CVE-2022-39333

DLA-4303-1

GHSA-92P9-X79H-2MJ8

OPENSUSE-SU-2023:0090-1

OPENSUSE-SU-2023:0171-1

Affected Products

Alt Linux

Debian

Nextcloud Desktop Client

PT-2022-24906 · Nextcloud+2 · Nextcloud Desktop Client+2

CVE-2022-39333

Weakness Enumeration

Related Identifiers

Affected Products

References · 30