Julius Härtl

4 exploits, active since Jan 2024
CVE-2024-22213 WRITEUP NONE
Nextcloud Deck <1.9.5,1.11.2 - XSS
Deck is a kanban-style organization tool aimed at personal planning and project organization for teams, integrated with Nextcloud. In affected versions, users could be tricked into executing malicious code in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck app is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
CVE-2024-22404 WRITEUP MEDIUM
Nextcloud Files Zip <1.2.1-1.5.0 - Info Disclosure
The Nextcloud Files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions, users can download "view-only" files by zipping the complete folder. It is recommended that the Files Zip app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the Files Zip app.
CVSS 4.1
CVE-2024-52513 WRITEUP LOW
Nextcloud Server < 25.0.13.13 - Information Disclosure
Nextcloud Server is a self-hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link, a malicious user was able to download attachments referenced in Text files without providing the password. It is recommended that Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
CVSS 2.6
CVE-2025-66548 WRITEUP LOW
Nextcloud Deck <1.12.7, 1.14.4, 1.15.1 - Info Disclosure
Nextcloud Deck is a kanban-style organization tool aimed at personal planning and project organization for teams, integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, a file extension can be spoofed by using RTLO (right-to-left override) characters, tricking users into downloading files with a different extension than the one displayed. This vulnerability is fixed in 1.12.7, 1.14.4, and 1.15.1.
CVSS 3.3