Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
暴露危险的方法或函数
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud存在安全漏洞,该漏洞源于files_pdfviewer示例目录存在跨站脚本,可能导致任意JavaScript执行。以下版本受到影响:22.2.10.33之前版本、23.0.12.29之前版本、24.0.12.28之前版本、25.0.13.23之前版本、26.0.13.20之前版本、27.1.11.20之前版本、28.0.14.11之前版本、29.0.16.8之前版本、30.0.17之前版本、3
CVSS Information
N/A
Vulnerability Type
N/A