Home > Vulnerability Database > CVE-2022-39332

Mend.io Vulnerability Database

CVE-2022-39332

Date: November 24, 2022

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

Language: QML

Severity Score

4.6

Related Resources (6)

Url: https://github.com/nextcloud/desktop/pull/4972

Url: https://security-tracker.debian.org/tracker/CVE-2022-39332

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39332

Url: https://hackerone.com/reports/1707977

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p

Url: https://www.mend.io/vulnerability-database/CVE-2022-39332

Severity Score

4.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39332

Date: November 24, 2022

Language: QML

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?