Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

Remediation

References

CVE-2016-1498

Related Vulnerabilities

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Cross-Site Scripting (4.27.2)

Jenkins Improper Input Validation Vulnerability (CVE-2018-1999001)

WordPress Plugin H5P CSS Editor Cross-Site Scripting (1.0)

Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)

WordPress Plugin 10Web AI Assistant-AI content writing assistant Security Bypass (1.0.18)

Severity

Medium

Classification

CVE-2016-1498 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities