Product: Nextcloud App on Android
Vendor : Nextcloud GmbH.
Vulnerable Version: Nextcloud Android < 3.7.0
Category: Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)
Vendor Notified: 2019-06-28
Patched: July 9 2019
Researcher(s) : Christian Angel
CVE: 2019-5450
Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud application functionally is similar to Dropbox. Unlike Dropbox, Nextcloud does not offer off-premises file storage hosting.
Summary
HTML Tags such as <h1> , <small> , <href> and <img> are Getting Executed in Next Cloud Client Mobile Application for Android which can then Result to Code Injection.
Proof of Concept
Solution
Update the application to the latest version
References
https://hackerone.com/reports/631227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5450
https://nextcloud.com/security/advisory/?id=NC-SA-2019-009
