This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
RedTeam Pentesting
redteam-pentesting.de
did:plc:phhzupcwv3iro356vj4pdy6b
🚨Nextcloud was vulnerable to XSS in PDF.js (CVE-2024-4367) found by Thomas Rinsma at CodeanIO.
Although Nextcloud mitigated the vulnerability in their portal by disabling eval, the viewer.html component of the vulnerable PDF.js was still exposed.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/
2025-12-04T10:23:33.197Z