Home > Vulnerability Database > CVE-2024-22213

Mend.io Vulnerability Database

CVE-2024-22213

Good to know:

Date: January 18, 2024

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.

Language: VUE

Severity Score

5.4

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22213

Url: https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc

Url: https://hackerone.com/reports/2058556

Url: https://www.mend.io/vulnerability-database/CVE-2024-22213

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v1.9.5,v1.11.2

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22213

Good to know:

Date: January 18, 2024

Language: VUE

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?