CVE-2022-24888

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.

Related Vulnerabilities

CVE-2017-5246

MEDIUM
CVSS:4.3(Medium)

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in doubl...

CWE-742017

CVE-2018-1000193

MEDIUM
CVSS:4.3(Medium)

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names c...

CWE-742018

CVE-2018-20898

MEDIUM
CVSS:4.3(Medium)

cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).

CWE-742018

CVE-2019-1680

MEDIUM
CVSS:4.3(Medium)

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. ...

CWE-742019

CVE-2019-5977

MEDIUM
CVSS:4.3(Medium)

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.

CWE-742019

CVE-2020-15011

MEDIUM
CVSS:4.3(Medium)

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

CWE-742020