Vulnerability Details CVE-2023-39955
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.1%
CVSS Severity
CVSS v3 Score 3.5
References
- https://github.com/nextcloud/notes/pull/1031
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
- https://hackerone.com/reports/1924355
- https://github.com/nextcloud/notes/pull/1031
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6
- https://hackerone.com/reports/1924355
Products affected by CVE-2023-39955
-
cpe:2.3:a:nextcloud:notes:4.4.0
-
cpe:2.3:a:nextcloud:notes:4.5.0
-
cpe:2.3:a:nextcloud:notes:4.5.1
-
cpe:2.3:a:nextcloud:notes:4.6.0
-
cpe:2.3:a:nextcloud:notes:4.7.0
-
cpe:2.3:a:nextcloud:notes:4.7.1
-
cpe:2.3:a:nextcloud:notes:4.7.2