Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Mail stored HTML injection in subject text
Vulnerability Description
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Nextcloud Mail 跨站脚本漏洞
Vulnerability Description
Nextcloud Mail是德国Nextcloud公司的一个电子邮件。 Nextcloud Mail 5.5.3之前版本存在跨站脚本漏洞,该漏洞源于邮件列表中存在存储型HTML注入,可能导致HTML注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A