ownCloud · ownCloud Server · CVE-2016-9460
**Name of the Vulnerable Software and Affected Versions**
Nextcloud Server versions prior to 9.0.52
ownCloud Server versions prior to 9.0.4
**Description**
The issue allows for a content-spoofing attack in the files app. Specifically, the location bar in the files app does not verify the passed parameters, enabling an attacker to craft an invalid link to a fake directory structure. This can be used to display an attacker-controlled error message to the user.
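The following is an added example, not the ownCloud or Nextcloud patch: one way a files view can verify the location parameter before rendering it. The query parameter name `dir`, the host `cloud.example`, the function names and the sample directory set are assumptions made for illustration.

```javascript
// Constructed sample: directories that really exist for the current user.
// A real client would obtain this from the server, not from a static set.
const EXISTING_DIRS = new Set(['/', '/Documents', '/Documents/Invoices', '/Photos']);

// Fixed wording: the notice never contains any part of the requested value.
const NOT_FOUND_NOTICE = 'The requested folder could not be found.';

// Normalise a raw parameter value to an absolute path, or return null if malformed.
function normalizeDir(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 4096) return null;
  if (/[\u0000-\u001f\u007f]/.test(raw)) return null; // reject control characters
  const parts = [];
  for (const seg of raw.split('/')) {
    if (seg === '' || seg === '.') continue; // collapse "//" and "/./"
    if (seg === '..') return null;           // no parent traversal
    parts.push(seg);
  }
  return '/' + parts.join('/');
}

// Decide what the location bar may show for a given page URL.
// `dir` is the assumed name of the query parameter carrying the path.
function resolveLocation(url, existingDirs) {
  const raw = new URL(url).searchParams.get('dir');
  if (raw === null) return { dir: '/', breadcrumb: [], notice: null };
  const dir = normalizeDir(raw);
  if (dir === null || !existingDirs.has(dir)) {
    // Unknown or malformed path: fall back to the root folder and show a
    // fixed notice, so no text from the link reaches the breadcrumb or error.
    return { dir: '/', breadcrumb: [], notice: NOT_FOUND_NOTICE };
  }
  return { dir, breadcrumb: dir.split('/').filter(Boolean), notice: null };
}
```

The property that matters is that both the breadcrumb and the error text are built only from paths confirmed to exist, never from the raw parameter.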
**Recommendations**
For Nextcloud Server versions prior to 9.0.52, update to version 9.0.52 or later.
For ownCloud Server versions prior to 9.0.4, update to version 9.0.4 or later.