Nextcloud: Content spoofing due to default Apache Error Page

ID H1:155189
Type hackerone
Reporter sysecure
Modified 2016-09-29T19:03:00


Hi ,I would like to report report a text injection and a miss-configuration of the 403 page which can be used in phishing.


Just use a 403 page that don't include attacker text just as hackerone do or just as you do in your in other not found pages.

Thanks !