{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T19:03:48.824","vulnerabilities":[{"cve":{"id":"CVE-2021-39222","sourceIdentifier":"security-advisories@github.com","published":"2021-11-15T19:15:07.297","lastModified":"2024-11-21T06:18:56.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy."},{"lang":"es","value":"Nextcloud es una plataforma de productividad de código abierto y auto alojada. La aplicación Nextcloud Talk era susceptible a una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenada. Para una explotación, un usuario tendría que hacer clic con el botón derecho en un archivo malicioso y abrirlo en una nueva pestaña. Debido a la estricta política de seguridad de contenidos incluida en Nextcloud, este problema no es explotable en los navegadores modernos que soportan la política de seguridad de contenidos. Es recomendado actualizar la aplicación Nextcloud Talk a las versiones parcheadas 10.0.7, 10.1.4, 11.1.2, 11.2.0 o 12.0.0. Como solución, use un navegador que tenga soporte para Content-Security-Policy"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.7","matchCriteriaId":"6D48B927-D0DB-4981-AE40-3084AB7646B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.4","matchCriteriaId":"B64ECEAF-FA2E-42E0-AE30-3BB1C0C835FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.1.2","matchCriteriaId":"BE3F28FB-17E4-43F1-AFE1-2BA9FC1FAB9B"}]}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/spreed/pull/542","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1135481","source":"security-advisories@github.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/spreed/pull/542","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1135481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]}]}}]}