Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
Remediation
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2006-7197)
Squid Missing Authentication for Critical Function Vulnerability (CVE-2019-12524)
PHP Resource Management Errors Vulnerability (CVE-2010-4150)
WordPress 4.7.x Cross-Site Request Forgery (4.7 - 4.7.12)
Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458)