5044 matches found
Nextcloud: Content Spoofing
Hi i got content spoofing vulnerability . Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. POC Link :- https://nextcloud.com/.htacess%20THIS%20IS%20CONTENT%20SPOOFING...
Nextcloud: Stored XSS on Share-popup of a directory's Gallery-view
Hi, Nice with the program launch! Congrats! I noticed that there was a Share-icon when toggling to the Gallery-view of a directory under "Nextcloud Files": F99938 If your directory has a malicious name such as a HTML-payload: , this HTML will run when clicking on the Share-icon: F99937 I see that...
Nextcloud: nextcloud.com: Content Injection Custom 404 Error
Hello Team , Request: if u think the reported issues have acceptable risk and u r not going to make changes then kindly request to mark as Informative . Description : This report is about how an attacker is able to spoof the content of 404 page and can add thr own Text in way that the Current...
Nextcloud: Possible RCE
Hello, I just quickly took a glance, I am not entirely sure or didn't get a chance to test it but it seems there are some serious bugs. In /apps/userldap/ajax/wizard.php: php 36: $action = string$POST'action'; and it is called in multiple places. including line 83 & 99. one being $action$loginNam...