CVE-2023-48301

EUVD-2023-52361

21.11.2023, 22:15

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
GitHub_M	CNA	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Affected Products (NVD)

Vendor	Product	Version
nextcloud	nextcloud_server	25.0.0 ≤ 𝑥 ≤ 25.0.13
nextcloud	nextcloud_server	25.0.0 ≤ 𝑥 < 25.0.13
nextcloud	nextcloud_server	26.0.0 ≤ 𝑥 ≤ 26.0.8
nextcloud	nextcloud_server	26.0.0 ≤ 𝑥 < 26.0.8
nextcloud	nextcloud_server	27.0.0 ≤ 𝑥 ≤ 27.1.3
nextcloud	nextcloud_server	27.0.0 ≤ 𝑥 < 27.1.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://github.com/nextcloud/circles/pull/1415

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6

https://hackerone.com/reports/2210038

https://github.com/nextcloud/circles/pull/1415

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wgpw-qqq2-gwv6

https://hackerone.com/reports/2210038