Description

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.

Remediation

References

CVE-2017-8896

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2009-4418)

WordPress Plugin Easy Gallery Slideshow Cross-Site Scripting (1.1)

WordPress Plugin WP Smart Import: Import any XML File to WordPress Server-Side Request Forgery (1.0.0)

WordPress Plugin CF7 Manual Spam Blocker Privilege Escalation (1.0)

WordPress Plugin Browser Screenshots Cross-Site Scripting (1.7.5)

Severity

Medium

Classification

CVE-2017-8896 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities