Description

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.

Remediation

References

CVE-2016-9466

Related Vulnerabilities

WordPress Plugin Email Subscriber Cross-Site Scripting (1.1)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33938)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1580)

WordPress Plugin Post Grid Gutenberg Blocks and WordPress Blog-PostX Security Bypass (4.1.2)

WordPress Plugin Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Multiple Cross-Site Scripting Vulnerabilities (26.0)

Severity

Medium

Classification

CVE-2016-9466 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities