Nextcloud: Some HTML Tags are Getting Executed in com.nextcloud.client

2019-06-28T05:16:33
ID H1:631227
Type hackerone
Reporter ctulhu
Modified 2019-07-26T08:02:14

Description

What is the Vulnerability?

HTML tags such as <h1>, <small>, <href> and <img> are getting executed in the Nextcloud client mobile application for Android, which can then result in code injection.

Reproduction Steps

1.) Using the Nextcloud client mobile app on Android, rename a folder to <a href="google.com">test
Our HTML tag was executed. {F518303}

2.) Rename the folder to small<h1>BIG
Our HTML tag was executed. {F518304}

3.) Rename the folder to normal<small>small<h1>BIG
Our HTML tag was executed. {F518305}

Impact

If successfully exploited, impact could cover loss of confidentiality, loss of integrity, loss of availability, and/or loss of accountability.
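
An added example, not part of the original report and not Nextcloud's code: a regression check that runs the three folder names from the reproduction steps through an HTML escaper, so they would be shown literally by any view that interprets markup. The report does not say which component renders the name; that the name reaches an HTML-interpreting view is an assumption, and the class and method names are hypothetical.

```java
import java.util.List;

public class FolderNameEscaping {

    // Replace the HTML-significant characters with entities so that a
    // user-controlled name is displayed as text, never parsed as markup.
    // (On Android, android.text.TextUtils.htmlEncode does the same job.)
    static String escapeHtml(String name) {
        StringBuilder out = new StringBuilder(name.length() + 16);
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // True if the string still contains a character that can open or
    // close a tag, i.e. escaping was skipped or incomplete.
    static boolean containsMarkup(String s) {
        return s.indexOf('<') >= 0 || s.indexOf('>') >= 0;
    }

    public static void main(String[] args) {
        // Folder names taken from the reproduction steps of the report.
        List<String> names = List.of(
            "<a href=\"google.com\">test",
            "small<h1>BIG",
            "normal<small>small<h1>BIG");

        for (String name : names) {
            String safe = escapeHtml(name);
            if (containsMarkup(safe)) {
                throw new AssertionError("markup survived escaping: " + name);
            }
            System.out.println(name + "  ->  " + safe);
        }
    }
}
```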