Nextcloud: Some HTML Tags are Getting Executed in com.nextcloud.client

ID H1:631227
Type hackerone
Reporter ctulhu
Modified 2019-07-26T08:02:14


What is the Vulnerability?

HTML tags such as <h1>, <small>, <href> and <img> are getting executed in the Nextcloud client mobile application for Android, which can then result in code injection.

Reproduction Steps

1.) Using the Nextcloud client mobile app on Android, rename a folder to <a href="">test. Our HTML tag was executed. {F518303}

2.) Rename the folder to small<h1>BIG. Our HTML tag was executed. {F518304}

3.) Rename the folder to normal<small>small<h1>BIG. Our HTML tag was executed. {F518305}


If successfully exploited, impact could cover loss of confidentiality, loss of integrity, loss of availability, and/or loss of accountability.
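
Added example (not part of the original report and not Nextcloud's code): plain Java that runs the three folder names from the reproduction steps through an unescaped and an escaped rendering path. It assumes the folder name is interpolated into a string that the UI renders as HTML; the report does not identify the sink, and `TEMPLATE`, `escapeHtml`, `renderUnsafe` and `renderSafe` are hypothetical names.

```java
import java.util.List;

public class FolderNameEscaping {
    // Assumed message template that the UI renders as HTML (hypothetical, not from the app).
    static final String TEMPLATE = "Folder <b>%s</b> was renamed";

    // Encode the characters that let a string change HTML structure.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable form: the user-controlled name becomes part of the markup.
    static String renderUnsafe(String folderName) {
        return String.format(TEMPLATE, folderName);
    }

    // Hardened form: the name is encoded, so it can only ever be displayed as text.
    static String renderSafe(String folderName) {
        return String.format(TEMPLATE, escapeHtml(folderName));
    }

    public static void main(String[] args) {
        // The three folder names from the reproduction steps above.
        List<String> names = List.of(
            "<a href=\"\">test",
            "small<h1>BIG",
            "normal<small>small<h1>BIG");
        for (String name : names) {
            String safe = renderSafe(name);
            // Only the template's own <b>...</b> tags may remain in the safe output.
            String rest = safe.replace("<b>", "").replace("</b>", "");
            if (rest.contains("<") || rest.contains(">")) {
                throw new AssertionError("markup from folder name survived: " + safe);
            }
            System.out.println("unsafe: " + renderUnsafe(name));
            System.out.println("safe:   " + safe);
        }
    }
}
```

On Android, `TextUtils.htmlEncode` performs the same encoding as `escapeHtml` here; setting the name with plain `setText` instead of an HTML-rendering call avoids the problem without any encoding.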