Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "9.0.54"
},
{
"last_affected": "9.0.54"
},
{
"last_affected": "9.0.54"
}
],
"source": "CPE_RANGE",
"vendor_product": "nextcloud:nextcloud"
}
]
}