VYPR
Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 8, 2025

Nextcloud Mail stored HTML injection in subject text

CVE-2025-66514

Description

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content security policy of the Nextcloud Server code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: <5.5.3
  • nextcloud/security-advisoriesv5
    Range: >= 5.2.0-beta.1, < 5.5.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2025-66514 · VYPR