Nextcloud: Content Spoofing

ID H1:145374
Type hackerone
Reporter ashish_pathak
Modified 2016-06-19T12:03:22


Hi i got content spoofing vulnerability .

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application.

POC Link :-

Possible Fix: URL Encode spaces to %20 which will convert spoofing content look like link


Ashish Pathak