The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
CPE | Name | Operator | Version |
---|---|---|---|
nextcloud server | lt | 9.0.52 |