Impact
Stored XSS. The impact is limited due to the restrictive CSP that is applied on this endpoint.
Patches
Patched in v1.2.1
Workarounds
Avoid using the Safari web browser.
References
https://hackerone.com/reports/1687410
nextcloud/user_oidc#496
For more information
If you have any questions or comments about this advisory: