CVE-2016-9466
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-9466
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9466.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9466
- Published
- 2017-03-28T02:59:01Z
- Modified
- 2025-04-20T03:39:12.326342Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.
- References
-
- https://nextcloud.com/security/advisory/?id=nc-sa-2016-009
- https://owncloud.org/security/advisory/?id=oc-sa-2016-019
- https://hackerone.com/reports/165686
- https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58
- https://github.com/owncloud/gallery/commit/b3b3772fb9bec61ba10d357bef42b676fa474eee
- https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a
Affected packages
Git / github.com/nextcloud/gallery
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/gallery
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- GIT
- Repo
- https://github.com/nextcloud/server
- Events
- Type
- GIT
- Repo
- https://github.com/owncloud/core
- Events
- Type
- GIT
- Repo
- https://github.com/owncloud/gallery
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Affected versions
2.*
2.0.0
2.0.10
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
8.*
8.0.11
v1.*
v1.0-rc1
v10.*
v10.0.0
v10.0.1RC1
v10.0.1RC2
v10.0.1RC3
v10.0.1RC4
v10.0.1RC5
Other
v12-stable8
v8.*
v8.2RC1
v8.2RC2
v8.2beta1
v9.*
v9.0.0
v9.0.0RC1
v9.0.0RC2
v9.0.0RC3
v9.0.0beta2
v9.0.1
v9.0.1RC1
v9.0.1RC2
v9.0.1beta
v9.0.2
v9.0.2RC1
v9.0.2RC2
v9.0.3
v9.0.3RC1
v9.0.4
v9.0.4RC1
v9.0.5
v9.0.5RC1
v9.0.5RC2
v9.0.6RC1
v9.0beta1
v9.1.0
v9.1.0RC1
v9.1.0RC2
v9.1.0RC3
v9.1.0RC4
v9.1.0beta1
v9.1.0beta2
v9.1.1
v9.1.1RC1
v9.1.1RC2
v9.1.1RC3
v9.1.2RC1