CVE-2017-0888

Description

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

Affected products

• nextcloud / nextcloud/serverAll versions before 9.0.55 and 10.0.2 – All versions before 9.0.55 and 10.0.2

References

• MISChttps://hackerone.com/reports/179073
• MISChttps://nextcloud.com/security/advisory/?id=nc-sa-2017-006
• MISChttp://www.securityfocus.com/bid/97491