Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

Remediation

References

CVE-2016-1498

Related Vulnerabilities

Joomla Other Vulnerability (CVE-2006-1047)

WordPress Plugin Modern Events Calendar Arbitrary File Upload (7.11.0)

Ruby Improper Authentication Vulnerability (CVE-2007-5162)

Jenkins Missing Authorization Vulnerability (CVE-2021-21687)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)

Severity

Medium

Classification

CVE-2016-1498 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities