CVE-2024-22213

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-22213

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22213.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-22213

Aliases

GHSA-mg7w-x9fm-9wwc

Published

2024-01-18T19:11:40Z

Modified

2025-10-16T19:14:31.551965Z

Severity

0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVSS Calculator

Summary

Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

Details

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/nextcloud/deck

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/deck
Events: Introduced

d9014903ac9cc54303c8a340c15faca1672f9967

Fixed

3aa3d57c3b388a9b9b4856e6c39b55a70b54dc15

Type: GIT
Repo: https://github.com/nextcloud/deck
Events: Introduced

3c407c06ffdf34ae3f3599e124bea3fc84720070

Fixed

3be4068c8203abccf3f947f2114ad988665f4adc

Affected versions

v1.*

v1.10.0

v1.11.0

v1.11.0-beta.1

v1.11.1

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v1.9.4