The gallery app was not properly sanitizing exception messages from the Nextcloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
nextcloud server | lt | 10.0.1 |