What is the severity of CVE-2021-32782?

CVE-2021-32782 is classified as a medium severity vulnerability due to its potential for exploitation via stored Cross-Site Scripting (XSS).

How do I fix CVE-2021-32782?

To fix CVE-2021-32782, upgrade to Nextcloud Circles version 0.19.14 or later, 0.20.10 or later, or 0.21.3 or later.

Which versions of Nextcloud Circles are affected by CVE-2021-32782?

Nextcloud Circles versions prior to 0.19.14, as well as versions between 0.20.0 and 0.20.10, and between 0.21.0 and 0.21.3 are affected by CVE-2021-32782.

What kind of vulnerability is CVE-2021-32782?

CVE-2021-32782 is a stored Cross-Site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into web pages viewed by other users.

What is the impact of CVE-2021-32782?

The impact of CVE-2021-32782 includes the potential for attackers to execute arbitrary scripts in the context of a user's browser, compromising user interactions and data.

Vulnerability/
CVE-2021-32782

medium

5.8

CWE

7/9/2021

3/8/2024

CVE-2021-32782: Cross-Site Scripting in Nextcloud Circles

First published: Tue Sep 07 2021(Updated: )

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exemption is Internet Explorer which does not support CSP properly.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Nextcloud Circles	<0.19.14
Nextcloud Circles	>=0.20.0<0.20.10
Nextcloud Circles	>=0.21.0<0.21.3

Remedy

https://github.com/nextcloud/circles/commit/dbb97a83ccb342c839a54f088aa19b8ba6844b0e

Remedy

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hgpq-28gj-jrj9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-32782?
CVE-2021-32782 is classified as a medium severity vulnerability due to its potential for exploitation via stored Cross-Site Scripting (XSS).
How do I fix CVE-2021-32782?
To fix CVE-2021-32782, upgrade to Nextcloud Circles version 0.19.14 or later, 0.20.10 or later, or 0.21.3 or later.
Which versions of Nextcloud Circles are affected by CVE-2021-32782?
Nextcloud Circles versions prior to 0.19.14, as well as versions between 0.20.0 and 0.20.10, and between 0.21.0 and 0.21.3 are affected by CVE-2021-32782.
What kind of vulnerability is CVE-2021-32782?
CVE-2021-32782 is a stored Cross-Site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into web pages viewed by other users.
What is the impact of CVE-2021-32782?
The impact of CVE-2021-32782 includes the potential for attackers to execute arbitrary scripts in the context of a user's browser, compromising user interactions and data.

collector/nvd-index
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/title
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/nextcloud
canonical/nextcloud circles
version/nextcloud circles/0.20.0
version/nextcloud circles/0.21.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.