<p>After listening to an episode of <a href="https://darknetdiaries.com/">Darknet Diaries</a> about bug bounty programs, I was inspired to make some money finding vulnerabilities in websites. Through <a href="https://www.hackerone.com/">HackerOne</a>, I discovered <a href="https://hackerone.com/nextcloud">Nextcloud's bug bounty program</a>.</p>
<h2>How I found the vulnerability</h2>
<p>While looking at the list of in-scope targets, I saw that one was a PDF viewer, and some PDF viewers are vulnerable to XSS attacks.
After seeing that they used <a href="https://mozilla.github.io/pdf.js/">pdf.js</a>, I searched for vulnerabilities that affected the version they used.
I found out that the version they used was vulnerable to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1452075">CVE-2018-5158</a>.</p>
<h2>The Report Process</h2>
<p>Although the report was only around 150 words, I spent a few hours confirming the exploit and writing it. I link to the report at the bottom of this post.</p>
<h2>What Happened</h2>
<p>Nextcloud quickly responded, fixed the issue, and submitted a <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE</a>.
They gave me $100, and the vulnerability was given the CVE ID, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8155">CVE-2020-8155</a>.
Overall, I am pleased with how they communicated and handled the process.</p>
<h2>Links</h2>
<ul>
<li><a href="https://nextcloud.com/security/advisory/?id=NC-SA-2020-019">Nextcloud's Advisory</a></li>
<li><a href="https://hackerone.com/reports/819863">HackerOne Report</a></li>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8155">CVE-2020-8155 (CVE Database)</a></li>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8155">CVE-2020-8155 (NIST.gov)</a></li>
</ul>



After listening to an episode of [Darknet Diaries](https://darknetdiaries.com/) about bug bounty programs, I was inspired to make some money finding vulnerabilities in websites. Through [HackerOne](https://www.hackerone.com/), I discovered [Nextcloud's bug bounty program](https://hackerone.com/nextcloud).

## How I found the vulnerability

While looking at the list of in-scope targets, I saw that one was a PDF viewer, and some PDF viewers are vulnerable to XSS attacks.
After seeing that they used [pdf.js](https://mozilla.github.io/pdf.js/), I searched for vulnerabilities that affected the version they used.
I found out that the version they used was vulnerable to [CVE-2018-5158](https://bugzilla.mozilla.org/show_bug.cgi?id=1452075).

## The Report Process

Although the report was only around 150 words, I spent a few hours confirming the exploit and writing it. I link to the report at the bottom of this post.

## What Happened

Nextcloud quickly responded, fixed the issue, and submitted a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures).
They gave me $100, and the vulnerability was given the CVE ID, [CVE-2020-8155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8155).
Overall, I am pleased with how they communicated and handled the process.

## Links

- [Nextcloud's Advisory](https://nextcloud.com/security/advisory/?id=NC-SA-2020-019)
- [HackerOne Report](https://hackerone.com/reports/819863)
- [CVE-2020-8155 (CVE Database)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8155)
- [CVE-2020-8155 (NIST.gov)](https://nvd.nist.gov/vuln/detail/CVE-2020-8155)


Nextcloud Bug Bounty Report (CVE-2020-8155)

How I found the vulnerability

The Report Process

What Happened

Links