Description
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)
GlassFish CVE-2017-10393 Vulnerability (CVE-2017-10393)
PHP Out-of-bounds Read Vulnerability (CVE-2017-11147)
WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)
Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)