Описание
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
Ссылки
- Patch
- ExploitPatchVendor Advisory
- ExploitIssue TrackingThird Party Advisory
- Patch
- ExploitPatchVendor Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.9.0 (включая) до 1.9.5 (исключая)Версия от 1.10.0 (включая) до 1.11.2 (исключая)
Одно из
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00369
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
EPSS
Процентиль: 58%
0.00369
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79