Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2017-03-28T02:46:00
Updated: 2017-03-28T02:57:01
Reserved: 2016-11-19T00:00:00
Link: CVE-2016-9467
JSON object: View
NVD Information
Status : Modified
Published: 2017-03-28T02:59:01.153
Modified: 2019-10-09T23:20:29.727
Link: CVE-2016-9467
JSON object: View
Redhat Information
No data.