Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

Remediation

References

CVE-2016-1498

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1888)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Scripting (13.1.0.9)

Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-10795)

MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-35475)

MySQL CVE-2019-2800 Vulnerability (CVE-2019-2800)

Severity

Medium

Classification

CVE-2016-1498 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities