PT-2024-19280 · Nextcloud · Nextcloud Deck

Hackitbharat · Published 2024-01-18 · Updated 2024-01-25 · CVE-2024-22213

CVSS v3.1: 0.0 (None)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Deck versions prior to 1.9.5
Nextcloud Deck versions prior to 1.11.2

Description

The issue allows users to be tricked into executing malicious code in their browser via HTML sent as a comment. This is a problem with the way the application handles comments, allowing for the execution of malicious HTML code.

Recommendations

For versions prior to 1.9.5, upgrade to version 1.9.5 or later. For versions prior to 1.11.2, upgrade to version 1.11.2 or later. As a temporary workaround, consider restricting the use of HTML in comments until a patch is available.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-22213
GHSA-MG7W-X9FM-9WWC

Affected Products

Nextcloud Deck