, this HTML wi...">Nextcloud: Stored XSS on Share-popup of a directory's Galler... - vulnerability database | Vulners.com, this HTML wi...">, this HTML wi...">, this HTML wi...">
Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneFransrosenH1:145355
HistoryJun 17, 2016 - 11:35 a.m.

Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view

2016-06-1711:35:04
fransrosen
hackerone.com
$750
24

EPSS

0.001

Percentile

44.8%

JSON

Hi,
Nice with the program launch! Congrats!

I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under “Nextcloud Files”:
{F99938}

If your directory has a malicious name such as a HTML-payload: <img src>, this HTML will run when clicking on the Share-icon:
{F99937}

I see that you have a proper CSP in place, but remember that Internet Explorer is not there yet:
{F99939}

Also, since any user could create files, a user could potentially execute this for an admin (if that admin is not using a CSP-supported browser that is).

Let me know if you need more information.

Regards,
Frans

Related

prion 1
nextcloud 1
cvelist 1
openvas 4
cve 1
nvd 1
prion
prion
Cross site scripting
2016-09-17 21:59:00
nextcloud
nextcloud
Stored XSS in "gallery" application (NC-SA-2016-001)
2016-07-19 00:00:00
cvelist
cvelist
CVE-2016-7419
2016-09-17 21:00:00
openvas
openvas
ownCloud 'share.js' Gallery Application XSS Vulnerability - Linux
2016-09-26 00:00:00
ownCloud 'share.js' Gallery Application XSS Vulnerability - Windows
2016-09-26 00:00:00
Nextcloud 'share.js' Gallery Application XSS Vulnerability - Windows
2016-09-27 00:00:00
cve
cve
CVE-2016-7419
2016-09-17 21:59:11
nvd
nvd
CVE-2016-7419
2016-09-17 21:59:11

EPSS

0.001

Percentile

44.8%

JSON
Related for H1:145355
prion1nextcloud1cvelist1openvas4cve1nvd1