Vulnerabilities > Nextcloud > Deck > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-37883 Unspecified vulnerability in Nextcloud Deck
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud
4.3
2024-01-18 CVE-2024-22213 Cross-site Scripting vulnerability in Nextcloud Deck
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-79
5.4
2023-01-14 CVE-2023-22470 Improper Input Validation vulnerability in Nextcloud Deck
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-20
6.5
2023-01-14 CVE-2023-22471 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-639
4.3
2022-05-20 CVE-2022-24906 Information Exposure Through an Error Message vulnerability in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello.
network
low complexity
nextcloud CWE-209
4.3
2022-05-20 CVE-2022-29159 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud.
network
low complexity
nextcloud CWE-639
4.3
2021-09-07 CVE-2021-37631 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-639
6.5
2021-06-11 CVE-2021-22913 Information Exposure vulnerability in Nextcloud Deck
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
network
low complexity
nextcloud CWE-200
6.5
2021-02-23 CVE-2020-8297 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user.
network
low complexity
nextcloud CWE-639
4.3
2020-10-05 CVE-2020-8235 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.
network
low complexity
nextcloud CWE-639
4.3