vulnerability

Arch Linux: Cross-site scripting (CVE-2021-32733)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 12, 2021	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 12, 2021

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

A cross-site scripting vulnerability is present in Nextcloud Text in versions prior to 21.0.3. The Nextcloud Text application shipped with Nextcloud Server used a `text/html` Content-Type when serving files to users. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy.

Solution

arch-linux-upgrade-latest

References

CVE-2021-32733
https://attackerkb.com/topics/CVE-2021-32733
URL-https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x4w3-jhcr-57pq
URL-https://github.com/nextcloud/text/pull/1689
URL-https://hackerone.com/reports/1241460
URL-https://security.archlinux.org/ASA-202107-22
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today