CVE-2024-22213

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
CVSS

No CVSS.

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd - Patch () https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd - Patch
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc - Exploit, Patch, Vendor Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc - Exploit, Patch, Vendor Advisory
References () https://hackerone.com/reports/2058556 - Exploit, Issue Tracking, Third Party Advisory () https://hackerone.com/reports/2058556 - Exploit, Issue Tracking, Third Party Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 0.0

25 Jan 2024, 15:10

Type Values Removed Values Added
CWE CWE-79
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc - () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc - Exploit, Patch, Vendor Advisory
References () https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd - () https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd - Patch
References () https://hackerone.com/reports/2058556 - () https://hackerone.com/reports/2058556 - Exploit, Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

19 Jan 2024, 01:51

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-18 20:15

Updated : 2024-11-21 08:55


NVD link : CVE-2024-22213

Mitre link : CVE-2024-22213

CVE.ORG link : CVE-2024-22213


JSON object : View

Products Affected

nextcloud

  • deck
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')