Stored XSS/HTML injection in autocomplete suggestions for sharing
Discovered by sjw on Nextcloud

This issue took 0 Days and 1 hours to triage and 164 Days and 13 hours to resolve once triaged.



encrypted report, see attached GnuPG file. I tried to send this by mail, but [email protected] told me that I'm forced (sic!) to signup here. Please use 7F40 5A4F FAA3 F51B FEFD EE2F CE82 B2C8 6DCE BB9F to contact me.

Impact

encrypted report, see attached GnuPG file