PT-2023-19313 · Nextcloud · Nextcloud Desktop Client

Matuhn

Published 2023-02-06 · Updated 2023-08-30

CVE-2023-23942

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.6.3
Description: The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on QML labels used for basic HTML elements such as strong, em, and headlines in the UI of the desktop client. The lack of sanitisation may allow for JavaScript injection.
Recommendations: For versions prior to 3.6.3, upgrade to version 3.6.3 to resolve the issue. There are no known workarounds for this issue, so upgrading to the recommended version is the best course of action.

Weakness Enumeration

XSS

Related Identifiers

ALT-PU-2023-2019
ALT-PU-2023-4584
ALT-PU-2023-5197
CVE-2023-23942
GHSA-64QC-VF6V-8XGG
OPENSUSE-SU-2023:0090-1
OPENSUSE-SU-2023:0171-1

Affected Products

Alt Linux
Debian
Nextcloud Desktop Client