Server side cross-site scripting In nextcloud-desktop
Description
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 11 | 3.1.1-2+deb11u2 | ||
debian 12 | 3.6.1-1 | ||
debian 13 | 3.6.1-1 | ||
debian 14 | 3.6.1-1 |
Aliases
1. 2. 3. 4. 5.