[Thirdparty] Stored XSS in chat module - nextcloud server 9.0.51 installed in ubuntu 14.0.4 LTS
Medium
N
Nextcloud
Submitted None
Actions:
Reported by
egrep
Vulnerability Details
Technical details and impact analysis
I found stored XSS vulnerability in nextcloud server's chat module
Nextcloud Server version - 9.0.51
OS - Ubuntu 14.0.4
Browser - Internet Explorer 11
Steps:
1) Login as non-admin user(attacker) and change full name containing XSS payload - elamaran\'>\"><script>alert(document.domain)</script>
2) Login as admin/non-admin(victim) and go to chat module
3) Click "Show information" of the attacker
4) Then the stored XSS payload in attacker's name will get execute in nextcloud domain
POC Video URL - https://youtu.be/UU60IthJWxI
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic