VYPR
Unrated severityNVD Advisory· Published Jun 14, 2024· Updated Aug 2, 2024

Nextcloud Calendar's event create can create attachments that link to other websites

CVE-2024-37316

Description

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2.

Affected products

2
  • Range: <4.6.8, <4.7.2
  • nextcloud/security-advisoriesv5
    Range: >= 4.3.0, < 4.6.8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.