Nextcloud: XSS on demo.nextcloud.com due to outdated version

2016-10-23T23:03:06
ID H1:177713
Type hackerone
Reporter bm666
Modified 2016-11-26T14:05:06

Description

Hello. I found that it is possible to inject an HTML tag and carry out an XSS attack in the form for adding comments. Details are in the video.

Payload: </textarea><img src=x onmouseover=alert(document.domain)>
Browser: Firefox 49.0
OS: Ubuntu 16.04