Bad content-type in response header when getting document can lead to html injection

Disclosed: 2017-01-12 20:45:39 By trichimtrich_ To nextcloud
Medium
Vulnerability Details
## Bug

When requesting a document by genesis_id or filename, the content-type field in the response header is 'text/html'. And the document content can be anything. So if we upload an odt file with HTML format and share it with other users, it can lead to HTML injection when others request that file.

## PoC

- img1 via es_id
- img2 via filename (share with others)
Report Stats
  • Report ID: 173721
  • State: Closed
  • Substate: resolved
  • Upvotes: 7
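
The following is an added example, not part of the original report and not Nextcloud's code: a Python check that audits the response headers of a user-uploaded document download for the condition described above, next to a header set that avoids it. The function names, the file name `shared.odt` and the sample headers are constructed assumptions.

```python
import os

# Media types a browser renders as active content in the serving origin.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}
# Registered media types for the OpenDocument extensions checked here.
EXPECTED = {
    ".odt": "application/vnd.oasis.opendocument.text",
    ".ods": "application/vnd.oasis.opendocument.spreadsheet",
    ".odp": "application/vnd.oasis.opendocument.presentation",
}


def audit_download(filename, headers):
    """Return findings for a response that serves a user-uploaded file."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
    ext = os.path.splitext(filename)[1].lower()
    findings = []
    if not ctype:
        findings.append("missing Content-Type (browser will sniff)")
    elif ctype in ACTIVE_TYPES:
        findings.append(f"active Content-Type {ctype} on user-controlled content")
    elif ext in EXPECTED and ctype not in (EXPECTED[ext], "application/octet-stream"):
        findings.append(f"Content-Type {ctype} does not match {ext}")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff not set")
    if not h.get("content-disposition", "").strip().lower().startswith("attachment"):
        findings.append("Content-Disposition is not attachment")
    return findings


def hardened_headers(filename):
    """Headers that make the browser download the file instead of rendering it."""
    ext = os.path.splitext(filename)[1].lower()
    safe_name = "".join(c for c in os.path.basename(filename) if c not in '"\r\n')
    return {
        "Content-Type": EXPECTED.get(ext, "application/octet-stream"),
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }


# Constructed sample: the header value the report describes.
REPORTED = {"Content-Type": "text/html"}

if __name__ == "__main__":
    print(audit_download("shared.odt", REPORTED))
    print(audit_download("shared.odt", hardened_headers("shared.odt")))
```
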