ApiService#fetch serves content as text/html and inline Content-Disposition

Disclosed: 2021-08-11 09:22:56 By lukasreschkenc To nextcloud
Vulnerability Details
https://github.com/nextcloud/text/blame/0bc7c3300607d57ee512dbf61497daec23961a12/lib/Service/ApiService.php#L109-L120

## Impact

XSS
Report Stats
  • Report ID: 1241460
  • State: Closed
  • Substate: resolved
  • Upvotes: 6