CVE-2016-9466

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-9466

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9466.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9466

Published

2017-03-28T02:59:01.107Z

Modified

2026-03-15T22:12:53.252571Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.

References

Affected packages

Git / github.com/nextcloud/gallery

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/gallery
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f9ef505c1d60c9041e251682e0f6b3daad952d58

Type

GIT

Repo

https://github.com/owncloud/core

Events

Introduced

ce40499f02717afa0af25bf2f67629a3159a29d3

Fixed

1c54fcd45dc4bc242eeb84b56a85da7a276d55a8

Introduced

81f694d83e8246d9b6482b773c8bdca675c51828

Fixed

eac87d3dd56303575746cfae6382d609bd51ff6e

Introduced

b642b26f7229c99b33e49cde86b38fdc6e8e5f21

Fixed

d47c589b0429eafa5add3a9ffc1c89f8ecccf9cc

Database specific

{
    "versions": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.0.1"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.0.6"
        },
        {
            "introduced": "9.1.0"
        },
        {
            "fixed": "9.1.2"
        }
    ]
}

Type: GIT
Repo: https://github.com/owncloud/gallery
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b3b3772fb9bec61ba10d357bef42b676fa474eee

Fixed

dc4887f1afcc0cf304f4a0694075c9364298ad8a

Affected versions

2.*

2.0.0

2.0.10

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

8.*

8.0.11

v1.*

v1.0-rc1

v10.*

v10.0.0

v10.0.1RC1

v10.0.1RC2

v10.0.1RC3

v10.0.1RC4

v10.0.1RC5

Other

v12-stable8

v8.*

v8.2RC1

v8.2RC2

v8.2beta1

v9.*

v9.0.0

v9.0.0RC1

v9.0.0RC2

v9.0.0RC3

v9.0.0beta2

v9.0.1

v9.0.1RC1

v9.0.1RC2

v9.0.1beta

v9.0.2

v9.0.2RC1

v9.0.2RC2

v9.0.3

v9.0.3RC1

v9.0.4

v9.0.4RC1

v9.0.5

v9.0.5RC1

v9.0.5RC2

v9.0.6RC1

v9.0.6RC2

v9.0beta1

v9.1.0

v9.1.0RC1

v9.1.0RC2

v9.1.0RC3

v9.1.0RC4

v9.1.0beta1

v9.1.0beta2

v9.1.1

v9.1.1RC1

v9.1.1RC2

v9.1.1RC3

v9.1.2RC1

v9.1.2RC2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9466.json"