Content spoofing on https://surveyserver.nextcloud.com
Low
Nextcloud
Submitted None
Reported by
mik317
Vulnerability Details
Technical details and impact analysis
Hi NextCloud team,
the `https://surveyserver.nextcloud.com` domain is vulnerable to `content spoofing` in the `forbidden page` due to the fact that the `request URI` is reflected without validation inside the aforementioned page.
1. Go to https://surveyserver.nextcloud.com/.htaccess%20because%20the%20webserver%20has%20been%20moved%20on%20http://evil.com%20and%20only%20an%20old%20version%20is%20present
2. Text injected successfully {F398692}
## Impact
Insert arbitrary text inside the `forbidden page` via `request URI`
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Resource Injection
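The reflection described in the report, next to a forbidden page that no longer echoes the request URI. This is an added example, not part of the original report and not Nextcloud's code. The function names, page wording and sample path are constructed for illustration.

```python
import html
import logging
from urllib.parse import unquote

log = logging.getLogger("forbidden_page")

# Constructed sample path, modelled on the request shape in the report.
SAMPLE_PATH = "/.htaccess%20because%20the%20server%20has%20moved%20to%20http://example.invalid"


def forbidden_page_reflecting(raw_path: str) -> str:
    """Behaviour the report describes: the decoded request URI appears in the 403 body.

    HTML-escaping blocks markup injection but not text spoofing, because the
    attacker's sentence is still rendered as part of the server's own message.
    """
    path = html.escape(unquote(raw_path))
    return ("<h1>Forbidden</h1>"
            f"<p>You don't have permission to access {path} on this server.</p>")


def forbidden_page_static(raw_path: str) -> str:
    """Hardened form: fixed body; the requested path goes to the server log only."""
    log.warning("403 for path %r", raw_path)
    return "<h1>Forbidden</h1><p>You don't have permission to access this resource.</p>"


def reflects_request_text(raw_path: str, body: str, min_len: int = 12) -> bool:
    """Regression check: is the decoded, attacker-controllable path present in the body?

    min_len skips short paths such as "/" that would match almost any page.
    """
    decoded = html.escape(unquote(raw_path))
    return len(decoded) >= min_len and decoded in body


if __name__ == "__main__":
    for render in (forbidden_page_reflecting, forbidden_page_static):
        body = render(SAMPLE_PATH)
        print(render.__name__, "reflects request text:",
              reflects_request_text(SAMPLE_PATH, body))
```

The same check can be run against a captured error-page body in a regression test to confirm that a custom static error document is actually being served.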