CNNVD-202512-655 Information
Dec 05, 2025
cve
CNNVD ID
CNNVD-202512-655
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Mail是德国Nextcloud公司的一个电子邮件。 Nextcloud Mail 5.5.3之前版本存在跨站脚本漏洞,该漏洞源于邮件列表中存在存储型HTML注入,可能导致HTML注入攻击。
Description (English)
Nextcloud Mail is an e-mail from the German company Nextcloud. Nextcloud Mail 5.5.3 had a cross-site script loophole, which stemmed from the presence of a storage HTML injection in the mailing list, which could lead to an HTML injection attack.
Hazard Level
Critical
Vulnerability Type
跨站脚本
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/mail/commit/c64fcc3b79e0c089b5e1d2e04a07bfa740b2ac09 https://github.com/nextcloud/mail/pull/11740 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v394-8gpc-6fv5 https://hackerone.com/reports/3357036
Patch
https://apps.nextcloud.com/apps/mail
Share on: