by Nextcloud
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31132 | Hig | 0.54 | 8.3 | 0.01 | Aug 4, 2022 | Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery… | ||
| CVE-2020-8156 | Hig | 0.46 | 7.0 | 0.01 | May 12, 2020 | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | ||
| CVE-2025-66514 | Low | 0.00 | 3.5 | 0.00 | Dec 5, 2025 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content… | ||
| CVE-2024-52508 | Hig | 0.00 | 8.2 | 0.01 | Nov 15, 2024 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used… | ||
| CVE-2023-48307 | Low | 0.00 | 3.5 | 0.01 | Nov 21, 2023 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0… | ||
| CVE-2023-33184 | Low | 0.00 | 3.5 | 0.01 | May 27, 2023 | Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. | ||
| CVE-2023-25160 | Med | 0.00 | 4.1 | 0.00 | Feb 13, 2023 | Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25,… | ||
| CVE-2023-23943 | Med | 0.00 | 5.0 | 0.01 | Feb 6, 2023 | Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the… | ||
| CVE-2023-23944 | Low | 0.00 | 2.0 | 0.00 | Feb 6, 2023 | Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access… | ||
| CVE-2021-32707 | Med | 0.00 | 4.3 | 0.01 | Jul 12, 2021 | Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the… | ||
| CVE-2021-22896 | Med | 0.00 | 4.3 | 0.01 | Jun 11, 2021 | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. |
- risk 0.54cvss 8.3epss 0.01
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery…
- risk 0.46cvss 7.0epss 0.01
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
- risk 0.00cvss 3.5epss 0.00
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocked by the content…
- risk 0.00cvss 8.2epss 0.01
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used…
- risk 0.00cvss 3.5epss 0.01
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0…
- risk 0.00cvss 3.5epss 0.01
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
- risk 0.00cvss 4.1epss 0.00
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25,…
- risk 0.00cvss 5.0epss 0.01
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the…
- risk 0.00cvss 2.0epss 0.00
Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access…
- risk 0.00cvss 4.3epss 0.01
Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the…
- risk 0.00cvss 4.3epss 0.01
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.