What is CVE-2023-39955?

CVE-2023-39955 is a vulnerability in the Notes app for Nextcloud, versions 4.4.0 to 4.8.0, that allows HTML content to be rendered in the preview instead of being offered for download.

How does CVE-2023-39955 affect Nextcloud Notes app?

CVE-2023-39955 affects Nextcloud Notes app versions 4.4.0 to 4.8.0, allowing HTML content to be rendered in the preview instead of being offered for download.

What is the severity of CVE-2023-39955?

CVE-2023-39955 has a severity of medium with a CVSS score of 6.1.

How can I fix CVE-2023-39955?

To fix CVE-2023-39955, update your Nextcloud Notes app to version 4.8.0 or later.

Where can I find more information about CVE-2023-39955?

You can find more information about CVE-2023-39955 on the Nextcloud Notes GitHub repository, Nextcloud security advisories, and HackerOne report.

Vulnerability/
CVE-2023-39955

medium

6.1

CWE

10/8/2023

4/10/2024

CVE-2023-39955: Notes attachment render HTML in preview mode

First published: Thu Aug 10 2023(Updated: )

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Nextcloud Notes	>=4.4.0<4.8.0

Remedy

https://github.com/nextcloud/notes/pull/1031

Remedy

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6g88-37x7-4vw6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-39955?
CVE-2023-39955 is a vulnerability in the Notes app for Nextcloud, versions 4.4.0 to 4.8.0, that allows HTML content to be rendered in the preview instead of being offered for download.
How does CVE-2023-39955 affect Nextcloud Notes app?
CVE-2023-39955 affects Nextcloud Notes app versions 4.4.0 to 4.8.0, allowing HTML content to be rendered in the preview instead of being offered for download.
What is the severity of CVE-2023-39955?
CVE-2023-39955 has a severity of medium with a CVSS score of 6.1.
How can I fix CVE-2023-39955?
To fix CVE-2023-39955, update your Nextcloud Notes app to version 4.8.0 or later.
Where can I find more information about CVE-2023-39955?
You can find more information about CVE-2023-39955 on the Nextcloud Notes GitHub repository, Nextcloud security advisories, and HackerOne report.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/title
agent/severity
agent/references
agent/description
agent/tags
agent/first-publish-date
agent/event
vendor/nextcloud
canonical/nextcloud notes
version/nextcloud notes/4.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.