Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc | Exploit Patch Vendor Advisory |
https://hackerone.com/reports/2058556 | Exploit Issue Tracking Third Party Advisory |
https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc | Exploit Patch Vendor Advisory |
https://hackerone.com/reports/2058556 | Exploit Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd - Patch | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc - Exploit, Patch, Vendor Advisory | |
References | () https://hackerone.com/reports/2058556 - Exploit, Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 0.0 |
25 Jan 2024, 15:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc - Exploit, Patch, Vendor Advisory | |
References | () https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd - Patch | |
References | () https://hackerone.com/reports/2058556 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
19 Jan 2024, 01:51
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-18 20:15
Updated : 2024-11-21 08:55
NVD link : CVE-2024-22213
Mitre link : CVE-2024-22213
CVE.ORG link : CVE-2024-22213
JSON object : View
Products Affected
nextcloud
- deck
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')