{"id":"CVE-2019-5450","details":"Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed the directory name in the header bar to be styled using basic HTML.","modified":"2026-04-10T04:19:28.476631Z","published":"2019-07-30T21:15:11.647Z","references":[{"type":"EVIDENCE","url":"https://hackerone.com/reports/631227"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/android","events":[{"introduced":"0"},{"fixed":"669073b27862a27ca58a8551be64ffaa44522363"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.7.0"}]}}],"versions":["0.99","1.0.0","1.4.6-easy-setup","dev-20171209","dev-20171211","dev-20171212","dev-20171213","dev-20180809","dev-20180811","dev-20180821","dev-20180823","dev-20180824","dev-20180825","dev-20180829","dev-20180903","dev-20180905","dev-20180907","dev-20180908","dev-20180911","dev-20180912","dev-20180913","dev-20180914","dev-20180915","dev-20180918","dev-20180919","dev-20180920","dev-20180921","dev-20180924","dev-20180925","dev-20180926","dev-20180927","dev-20181006","dev-20181009","dev-20181013","dev-20181016","dev-20181018","dev-20181020","dev-20181023","dev-20181024","dev-20181025","dev-20181026","dev-20181027","dev-20181028","dev-20181030","dev-20181031","dev-20181101","dev-20181102","dev-20181103","dev-20181106","dev-20181107","dev-20181203","dev-20181204","dev-20181206","dev-20181207","dev-20181208","dev-20181211","dev-20181212","dev-20181214","dev-20181215","dev-20181216","dev-20181218","dev-20181222","dev-20190105","dev-20190108","dev-20190112","dev-20190113","dev-20190115","dev-20190116","dev-20190117","dev-20190118","dev-20190119","dev-20190122","dev-20190123","dev-20190126","dev-20190129","dev-20190130","dev-20190131","dev-20190201","dev-20190202","dev-20190205","dev-20190206","dev-20190207","dev-20190208","dev-20190209","dev-20190212","dev-20190213","dev-20190214","dev-20190215","dev-20190216","dev-20190219","dev-20190220","dev-20190221","dev-20
190226","dev-20190227","dev-20190228","dev-20190301","dev-20190305","dev-20190306","dev-20190307","dev-20190308","dev-20190309","dev-20190310","dev-20190312","dev-20190313","dev-20190314","dev-20190316","dev-20190319","dev-20190320","dev-20190321","dev-20190323","dev-20190327","dev-20190328","dev-20190329","dev-20190402","dev-20190403","dev-20190404","dev-20190406","dev-20190408","dev-20190409","dev-20190410","dev-20190411","dev-20190412","dev-20190413","dev-20190414","dev-20190502","dev-20190513","dev-20190514","dev-20190515","dev-20190517","dev-20190518","dev-20190520","dev-20190521","dev-20190522","dev-20190523","dev-20190524","dev-20190528","dev-20190529","dev-20190530","dev-20190531","dev-20190601","dev-20190604","dev-20190605","oc-android-1-3-13","oc-android-1-3-14","oc-android-1-3-17","oc-android-1-3-18","oc-android-1-3-19","oc-android-1-3-20","oc-android-1-4-0","oc-android-1.4.3","oc-android-1.4.4","oc-android-1.4.5","oc-android-1.4.6","oc-android-1.5.3","oc-android-1.7.0","oc-android-1.7.0_signed","oc-android-1.7.1_signed","oc-android-1.8","rc-1.1.0-01","rc-1.1.0-02","rc-1.2.0-01","rc-1.2.0-02","rc-1.3.0-01","rc-1.3.0-02","rc-1.4.0-01","rc-1.4.0-02","rc-1.4.0-03","rc-1.4.0-04","rc-1.4.1-01","rc-1.4.1-02","rc-1.4.1-03","rc-1.4.1-04","rc-1.4.2-01","rc-1.4.2-02","rc-1.4.2-04","rc-2.0.0-01","rc-2.0.0-03","rc-2.0.0-04","rc-2.0.0-05","rc-2.0.0-06","rc-2.0.0-07","rc-2.0.0-08","rc-2.0.0-09","rc-3.0.0-01","rc-3.0.0-02","rc-3.0.0-03","rc-3.1.0-01","rc-3.1.0-02","rc-3.6.0-01","rc-3.7.0-01","rc-3.7.0-02","rc-3.7.0-03","rc-3.7.0-04","stable-1.0.0","stable-1.0.1","stable-1.1.0","stable-1.2.0","stable-1.3.0","stable-1.3.1","stable-1.4.0","stable-1.4.1","stable-1.4.2","stable-1.4.3","stable-2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5450.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}