CVE Catalog

CVE-2023-39955

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile — higher than 38% of all known CVEs

Summary

The Notes app in Nextcloud, from version 4.4.0 to 4.8.0, has an issue where HTML file content is rendered in the preview instead of being offered for download.

Risk Assessment

This may lead to unintended exposure of HTML file content, posing a risk to user data security.

Recommendation

It is recommended to update the Notes app to version 4.8.0, which contains a patch for this issue.

Original NVD description (English source)

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS