Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-21T21:26:21.288Z

Updated: 2024-10-11T14:20:17.201Z

Reserved: 2023-11-14T17:41:15.571Z

Link: CVE-2023-48301

cve-icon Vulnrichment

Updated: 2024-08-02T21:23:39.483Z

cve-icon NVD

Status : Analyzed

Published: 2023-11-21T22:15:07.490

Modified: 2023-11-30T15:14:00.427

Link: CVE-2023-48301

cve-icon Redhat

No data.