CVE-2024-22213 NONE

CVE-2024-22213: Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

Vendor Nextcloud

Product security-advisories

Weakness CWE-79 · XSS

Published January 18, 2024

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

0.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N

What the vulnerability does

01Description

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

January 18, 2024 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-22213

Related vulnerabilities

04Related CVE

CVE-2024-35779 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability CVE-2025-13967 Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute CVE-2024-53731 WordPress Fintelligence Calculator plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2023-31071 WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS) CVE-2024-11462 Filestack Official <= 2.1.0 - Reflected Cross-Site Scripting

Identifiers

CVE CVE-2024-22213

CWE CWE-79

CVSS 0.0 / NONE

Affected versions

Vendor Nextcloud

Product security-advisories

Affected >= 1.9.0, < 1.9.5

Vendor Nextcloud

Product security-advisories

Affected >= 1.10.0, < 1.11.2