CVE-2023-48302

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-48302
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48302.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-48302
Aliases
  • GHSA-p7g9-x25m-4h87
Published
2023-11-21T22:15:07Z
Modified
2024-06-06T14:32:07.666944Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v26.*

v26.0.0
v26.0.1
v26.0.1rc1
v26.0.2
v26.0.2rc1
v26.0.3
v26.0.3rc1
v26.0.3rc2
v26.0.4
v26.0.4rc1
v26.0.4rc2
v26.0.5
v26.0.5rc1
v26.0.6
v26.0.6rc1
v26.0.7
v26.0.8rc1
v26.0.8rc2