Latest nextcloud deck Vulnerabilities

CVE-2024-22213
Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app
Nextcloud Deck>=1.9.0<1.9.5
Nextcloud Deck>=1.10.0<1.11.2
CVE-2023-22471
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other use...
Nextcloud Deck<1.6.5
Nextcloud Deck>=1.7.0<1.7.3
Nextcloud Deck>=1.8.0<1.8.2
CVE-2023-22470
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS ...
Nextcloud Deck<1.6.5
Nextcloud Deck>=1.7.0<1.7.3
Nextcloud Deck>=1.8.0<1.8.2
CVE-2023-22469
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no acce...
Nextcloud Deck<1.8.2
CVE-2022-24906
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Next...
Nextcloud Deck<1.2.11
Nextcloud Deck>=1.4.0<1.4.6
CVE-2022-29159
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board t...
Nextcloud Deck<1.4.8
Nextcloud Deck>=1.5.0<1.5.6
Nextcloud Deck>=1.6.0<1.6.1
CVE-2021-37631
Nextcloud Deck<1.2.9
Nextcloud Deck>=1.3.0<1.4.4
Nextcloud Deck>=1.5.0<1.5.1
CVE-2021-22913
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless...
Nextcloud Deck<1.2.7
Nextcloud Deck>=1.3.0<1.4.1
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.
Nextcloud Deck<1.0.2
CVE-2020-8182
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.
Nextcloud Deck=0.8.0
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
Nextcloud Deck=1.0.4
CVE-2020-8179
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
Nextcloud Deck<1.0.1
CVE-2019-15619
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in ...
Nextcloud Deck<0.6.6
Nextcloud Nextcloud Server<16.0.4
Nextcloud talk<6.0.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203