CVE-2016-9466

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-9466
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9466.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9466
Published
2017-03-28T02:59:01Z
Modified
2024-06-06T12:02:07.603328Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.

References

Affected packages

Git / github.com/nextcloud/gallery

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/gallery
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/nextcloud/server
Events
Type
GIT
Repo
https://github.com/owncloud/core
Events
Type
GIT
Repo
https://github.com/owncloud/gallery
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2.*

2.0.0
2.0.10
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9

8.*

8.0.11

v1.*

v1.0-rc1

v10.*

v10.0.0
v10.0.1RC1
v10.0.1RC2
v10.0.1RC3
v10.0.1RC4
v10.0.1RC5

Other

v12-stable8

v8.*

v8.2RC1
v8.2RC2
v8.2beta1

v9.*

v9.0.0
v9.0.0RC1
v9.0.0RC2
v9.0.0RC3
v9.0.0beta2
v9.0.1
v9.0.1RC1
v9.0.1RC2
v9.0.1beta
v9.0.2
v9.0.2RC1
v9.0.2RC2
v9.0.3
v9.0.3RC1
v9.0.4
v9.0.4RC1
v9.0.5
v9.0.5RC1
v9.0.5RC2
v9.0.6RC1
v9.0beta1
v9.1.0
v9.1.0RC1
v9.1.0RC2
v9.1.0RC3
v9.1.0RC4
v9.1.0beta1
v9.1.0beta2
v9.1.1
v9.1.1RC1
v9.1.1RC2
v9.1.1RC3
v9.1.2RC1