XSS in image metadata field
Medium
Vulnerability Details
Hi,
Will you confirm the XSS vulnerability blocked by the CSP?
On Nextcloud 19.0.0
1. Upload the PoC.jpg
2. Check the PoC.jpg metadata
3. Need bypass the CSP to trigger it
## Impact
Cross-Site Scripting
Actions
View on HackerOneReport Stats
- Report ID: 896511
- State: Closed
- Substate: resolved
- Upvotes: 11