Nextcloud: Email Spoofing

ID H1:200762
Type hackerone
Reporter khalidamin
Modified 2017-01-25T14:01:02


Hi there,

Similar to this report submitted to Hackerone itself:

You also are vulnerable to email spoofing.

Steps to reproduce: 1- Go to ( A Fake Mailer ) 2- Set the from to parameter as or any other name, and send it. 3- The email is sent with any content you'd like to add as the message.