CVE-2019-5450

Some basic HTML tags were rendered as Markup in directory names.

Product: Nextcloud App on Android
Vendor : Nextcloud GmbH.
Vulnerable Version: Nextcloud Android < 3.7.0
Category: Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)
Vendor Notified: 2019-06-28
Patched: 2019-07-09
Researcher(s) : Christian Angel
CVE: 2019-5450

Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud application functionally is similar to Dropbox. Unlike Dropbox, Nextcloud does not offer off-premises file storage hosting.

References

https://hackerone.com/reports/631227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5450
https://nextcloud.com/security/advisory/?id=NC-SA-2019-009