• Product: Nextcloud App on Android
• Vendor: Nextcloud GmbH
• Vulnerable Version: Nextcloud Android < 3.7.0
• Category: Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)
• Vendor Notified: 2019-06-28
• Patched: 2019-07-09
• Researcher(s): Christian Angel
• CVE: 2019-5450

Nextcloud is a suite of client-server software for creating and using file hosting services. The Nextcloud application is functionally similar to Dropbox. Unlike Dropbox, Nextcloud does not offer off-premises file storage hosting.

References

https://hackerone.com/reports/631227

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5450

https://nextcloud.com/security/advisory/?id=NC-SA-2019-009