Some HTML Tags are Getting Executed in com.nextcloud.client
Discovered by ctulhu on Nextcloud

This issue took 0 days and 6 hours to triage and 3 days and 19 hours to resolve once triaged.



What is the Vulnerability?

HTML tags such as <h1>, <small>, <href> and <img> are getting executed in the Nextcloud client mobile application for Android, which can then result in code injection.

Reproduction Steps

1.) Using the Nextcloud client mobile app on Android, rename a folder to <a href="google.com">test
    Our HTML tag was executed. {F518303}

2.) Rename the folder to small<h1>BIG
    Our HTML tag was executed. {F518304}

3.) Rename the folder to normal<small>small<h1>BIG
    Our HTML tag was executed. {F518305}

Impact

If successfully exploited, impact could cover loss of confidentiality, loss of integrity, loss of availability, and/or loss of accountability.
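The folder names from the reproduction steps, passed through an escaping step so that they display as literal text. This is an added example, not code from the report or from the Nextcloud project. It assumes the name reaches a view that interprets HTML (the report does not say which API is involved), and the class and method names are hypothetical.

```java
import java.util.List;

public class FolderNameEscaping {
    // Hypothetical helper: escape every character an HTML renderer treats as
    // markup, so a user-controlled name is always shown as literal text.
    static String escapeForHtmlView(String name) {
        StringBuilder out = new StringBuilder(name.length() + 16);
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Flags names that contain something shaped like a tag. Useful for tests
    // and logging only; the escaping above is the actual control.
    static boolean looksLikeMarkup(String name) {
        return name.matches("(?s).*<\\s*/?\\s*[A-Za-z][^>]*>.*");
    }

    public static void main(String[] args) {
        List<String> names = List.of(
            "<a href=\"google.com\">test",   // step 1 of the report
            "small<h1>BIG",                  // step 2
            "normal<small>small<h1>BIG",     // step 3
            "Reports & Invoices");           // constructed benign name
        for (String name : names) {
            String safe = escapeForHtmlView(name);
            // After escaping, no raw angle bracket may remain in the output.
            if (safe.indexOf('<') >= 0 || safe.indexOf('>') >= 0) {
                throw new AssertionError("unescaped markup in: " + safe);
            }
            System.out.printf("markup=%b  %s  ->  %s%n",
                    looksLikeMarkup(name), name, safe);
        }
    }
}
```

On Android the framework's TextUtils.htmlEncode performs the same escaping; the hand-written version here only keeps the example runnable on a plain JVM.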