CVE-2023-39955
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk38th percentile — higher than 38% of all known CVEs
Summary
The Notes app in Nextcloud, from version 4.4.0 to 4.8.0, has an issue where HTML file content is rendered in the preview instead of being offered for download.
Risk Assessment
This may lead to unintended exposure of HTML file content, posing a risk to user data security.
Recommendation
It is recommended to update the Notes app to version 4.8.0, which contains a patch for this issue.
Original NVD description (English source)
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.

