{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:33:40.152","vulnerabilities":[{"cve":{"id":"CVE-2021-32733","sourceIdentifier":"security-advisories@github.com","published":"2021-07-12T21:15:07.913","lastModified":"2024-11-21T06:07:37.443","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present in versions prior to 19.0.13, 20.0.11, and 21.0.3. The Nextcloud Text application shipped with Nextcloud server used a `text/html` Content-Type when serving files to users. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, use a browser that has support for Content-Security-Policy."},{"lang":"es","value":"Nextcloud Text es una aplicación de edición de documentos colaborativos que usa Markdown. Una vulnerabilidad de tipo cross-site scripting se presenta en las versiones anteriores a 19.0.13, 20.0.11 y 21.0.3. La aplicación Nextcloud Text suministrada con el servidor Nextcloud usaba un Content-Type \"text/html\" al servir archivos a usuarios. Debido a la estricta política de seguridad de contenidos incluida en Nextcloud, este problema no se puede explotar en los navegadores modernos que soportan la política de seguridad de contenidos. El problema se ha corregido en las versiones 19.0.13, 20.0.11 y 21.0.3. 
Como solución alternativa, use un navegador compatible con Content-Security-Policy"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionEndExcluding":"19.0.13","matchCriteriaId":"7D4E2A1A-C03E-4B91-87B6-6A8652B284F7"},{"vulnerable":true,"criteria":"c
pe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.0.11","matchCriteriaId":"9CF8A48F-A16D-4C5F-B098-F92F3D361FA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0.0","versionEndExcluding":"21.0.3","matchCriteriaId":"D490C8D8-910E-44A1-9A8E-2F892D35D6CF"}]}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x4w3-jhcr-57pq","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/text/pull/1689","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1241460","source":"security-advisories@github.com","tags":["Permissions Required"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x4w3-jhcr-57pq","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/text/pull/1689","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1241460","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}