Description
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
Remediation
References
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)
WordPress Plugin Simple:Press-WordPress Forum Arbitrary File Upload (6.6.0)
PHP Improper Input Validation Vulnerability (CVE-2010-3870)
Oracle JRE CVE-2020-2590 Vulnerability (CVE-2020-2590)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-5095)