{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T05:47:22.452","vulnerabilities":[{"cve":{"id":"CVE-2025-59788","sourceIdentifier":"cve@mitre.org","published":"2025-12-04T19:16:04.380","lastModified":"2026-03-25T21:35:25.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-749"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"30.0.17","matchCriteriaId":"8A3D94EC-A877-458D-9A33-5451FE97A785"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*","versionStartIncluding":"31.0.0","versionEndExcluding":"31.0.10","matchCriteriaId":"2059C891-F256-482A-99BF-D912A1657419"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*","versionStartIncluding":"32.0.0","versionEndExcluding":"32.0.1","matchCriteriaId":"A75D466C-B154-480A-9D4F-8E9454147156"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"22.0.0","versionEndExcluding":"22.2.10.33","matchCriteriaId":"4440D2E7-2FCB-4CC2-A57F-708AAB0CD22B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"23.0.0","versionEndExcluding":"23.0.12.29","matchCriteriaId":"51922DA7-3112-422A-9F66-9CAA54E89D8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"24.0.0","versionEndExcluding":"24.0.12.28","matchCriteriaId":"6AC7C575-7348-45A1-9023-A6606541987B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"25.0.0","versionEndExcluding":"25.0.13.23","matchCriteriaId":"000C64D7-C76D-4E69-9705-18132C615456"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"26.0.0","versionEndExcluding":"26.0.13.20","matchCriteriaId":"D9491A91-2A7C-4C84-89E9-219422D91350"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"27.0.0","versionEndExcluding":"27.1.11.20","matchCriteriaId":"CFD3A15F-58D7-4C3D-A49F-065F28ED6361"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"28.0.0","versionEndExcluding":"28.0.14.11","matchCriteriaId":"B55EF258-E98A-43A9-B73C-AE62D448421D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"29.0.0","versionEndExcluding":"29.0.16.8","matchCriteriaId":"7710228F-2984-4F9A-8360-0054E7E78687"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"30.0.17","matchCriteriaId":"AE19F75F-6A78-4770-B7C6-338570FA7184"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"31.0.0","versionEndExcluding":"31.0.10","matchCriteriaId":"64C21E45-22B8-49B2-B630-30448D89A4E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"32.0.0","versionEndExcluding":"32.0.1","matchCriteriaId":"CFA5AD5D-1145-44D6-ABE3-64837C74975F"}]}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"https://nextcloud.com","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}