CVE-2023-48302

21.11.2023, 22:15

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the markup will actually render. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app text.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
GitHub_M	CNA	3.5 LOW	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 58%

Vendor	Product	Version
nextcloud	nextcloud_server	25.0.0 ≤ 𝑥 < 25.0.13
nextcloud	nextcloud_server	25.0.0 ≤ 𝑥 < 25.0.13
nextcloud	nextcloud_server	26.0.0 ≤ 𝑥 < 26.0.8
nextcloud	nextcloud_server	26.0.0 ≤ 𝑥 < 26.0.8
nextcloud	nextcloud_server	27.0.0 ≤ 𝑥 < 27.1.3
nextcloud	nextcloud_server	27.0.0 ≤ 𝑥 < 27.1.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p7g9-x25m-4h87

https://github.com/nextcloud/text/pull/4877

https://hackerone.com/reports/2211561

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p7g9-x25m-4h87

https://github.com/nextcloud/text/pull/4877

https://hackerone.com/reports/2211561