Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-9466 - Vulnerability Database
ownCloud

ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-9466

Medium
Reference: CVE-2016-9466
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-9466
Title: ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Nextcloud Server before 10.0.1 amp ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message this led to a reflected Cross-Site-Scripting vulnerability.