Home > Vulnerability Database > CVE-2023-23942

Mend.io Vulnerability Database

CVE-2023-23942

Date: February 6, 2023

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.

Severity Score

6.1

Related Resources (6)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23942

Url: https://security-tracker.debian.org/tracker/CVE-2023-23942

Url: https://hackerone.com/reports/1788598

Url: https://github.com/nextcloud/desktop/pull/5233

Url: https://www.mend.io/vulnerability-database/CVE-2023-23942

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23942

Date: February 6, 2023

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?