================================================================== Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages ================================================================== Information ------------------------------------------------------------------ Name: Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages Affected Versions: Nextcloud Server < 11.0.3 Nextcloud Server < 10.0.5 Nextcloud Server < 9.0.58 Owncloud <= 9.1.5 Vendor Homepage : https://nextcloud.com/ https://owncloud.org/ Vulnerability Type: Reflected Cross Site Scripting Severity: Low CVE: CVE-2017-0891 Product ------------------- Nextcloud is a open source software for cloud storage service. Also, this software are more features for synchronizing. e.g. Calendar, contacts, tasks or RSS readers. It is a fork from Owncloud. Currently, Owncloud is working on backporting this vulnerability to be fixed in the next release, I hope. Description ------------------- A HTML injection vulnerability flaw in the Nextcloud and Owncloud. Through this vulnerability an attacker could manipulate the website. This vulnerability could affect to the logged users. An attacker could send a malicious link (that contains the manipulated URL) to a legitimate user that he is logged in and simulate the login screen to stole the password (phishing), or multiple attacks more, like XSS. Nextcloud and ownCloud use Content-Security-Policy which prevents execution of inline JavaScript. However, as of now prominently Internet Explorer hasn't implemented Content-Security-Policy thus being at risk against this reflected Cross-Site Scripting Exist more options to attack, for example, redirect the content of an or