hackerone | cx75fa | H1:2210038
Oct 15, 2023 - 9:41 p.m.

Nextcloud: HTML injection in search UI when selecting a circle with HTML in the display name

2023-10-15 21:41:08
cx75fa
hackerone.com

AI Score: 7.4 (Confidence: Low)

EPSS: 0.001 (Percentile: 20.0%)

HTML injection is a web security issue where attackers insert harmful code into a web application, affecting how it appears and functions. This can lead to data theft, phishing, malware distribution, and session hijacking, posing significant risks to users and the application’s integrity. Prevention involves thoroughly checking and encoding user-generated content to ensure it’s safe for rendering in web pages.

Reproduction Steps:

  1. Log in to the application using a low-privilege user account.
  2. Access the “Contacts” section and initiate the creation of a new Circle.
  3. When naming the Circle, insert the following payload: <meta http-equiv="refresh" content="2; https://evil.com/" />.
  4. Share the Circle with a user account having an “Admin” role.
  5. Switch to the “Admin” user role and go to “Files” > “Shared with Circles.”
  6. Observe that the browser will redirect to a malicious website within a 2-second timeframe.

Video PoC:
{F2775888}
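
The encoding step named under prevention, applied to the display name from step 3, as an added example (not Nextcloud's code and not from the report). The renderer functions, the `circle` object shape and the `tagNames` helper are hypothetical and exist only for this illustration.

```javascript
// Added example: hypothetical renderer for one search-UI entry; not Nextcloud code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the display name is concatenated into markup as-is, so any
// tag inside it becomes part of the page.
function renderCircleUnsafe(circle) {
  return `<li class="circle" title="${circle.displayName}">${circle.displayName}</li>`;
}

// After: the display name is encoded once and is safe in both the
// quoted-attribute context and the element-text context.
function renderCircleSafe(circle) {
  const name = escapeHtml(circle.displayName);
  return `<li class="circle" title="${name}">${name}</li>`;
}

// Rough check for the demo: names of the tags an HTML parser would see opened.
function tagNames(fragment) {
  return [...fragment.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed sample input: the display name from step 3 plus a benign
// name that contains characters which must survive encoding visibly intact.
const circles = [
  { displayName: '<meta http-equiv="refresh" content="2; https://evil.com/" />' },
  { displayName: 'Ops & "Platform" team' },
];

for (const c of circles) {
  console.log('unsafe tags:', tagNames(renderCircleUnsafe(c)));
  console.log('safe tags:  ', tagNames(renderCircleSafe(c)));
  console.log('safe markup:', renderCircleSafe(c));
}
```

In a browser front end the same result comes from assigning the name through `textContent` or a framework's text interpolation instead of building markup strings.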

Impact

HTML injection can have significant impacts, including:

  - Data theft
  - Phishing attacks
  - Malware distribution
  - Session hijacking

These consequences can harm both users and the application’s security.
