CNNVD-202512-488 Information
CNNVD ID
CNNVD-202512-488
Related CVE
-
CNNVD Published: 2025-12-04
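Description (translated from Chinese)
Nextcloud is an open-source, self-hosted file synchronization and sharing communication platform from the German company Nextcloud. Nextcloud contains a security vulnerability that stems from cross-site scripting in the files_pdfviewer example directory, which may lead to arbitrary JavaScript execution. The following versions are affected: versions before 22.2.10.33, before 23.0.12.29, before 24.0.12.28, before 25.0.13.23, before 26.0.13.20, before 27.1.11.20, before 28.0.14.11, before 29.0.16.8, before 30.0.17, before 31.0.10 and before 32.0.1.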
Description (English)
Nextcloud is an open-source file synchronization and sharing communication platform from the German company Nextcloud. Nextcloud has a security vulnerability caused by cross-site scripting (XSS) in the files_pdfviewer example directory, which could lead to arbitrary JavaScript execution. The following versions are affected: versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10 and 32.0.1.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Nextcloud
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r
https://nextcloud.com
https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/
Patch
https://nextcloud.com/install/