Table of Contents
The nextcloud Talk app allows a User to share their location via app. Due to lack of validation an attacker can send a crafted request to control the geolocation preview. Once clicked by the victim it will redirect them to the pointed deeplink or URL.
Nextcloud was able to fix this by adding a validation to Geo Location ID.