CVE-2016-7419

Published on: 09/17/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:07 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Certain versions of Nextcloud Server from Nextcloud contain the following vulnerability:

Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.

  • CVE-2016-7419 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.4 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS2 Score: 3.5 - LOW

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

CVE References

  • Add more escaping · nextcloud/[email protected] · GitHub
    Tags: Patch
    Link: CONFIRM github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc

  • ownCloud Gallery Application 'share.js' HTML Injection Vulnerability
    Source: cve.report (archive)
    Link: BID 92373

  • #145355 Stored XSS on Share-popup of a directory's Gallery-view - HackerOne
    Tags: Exploit, Mailing List, Third Party Advisory
    Link: MISC hackerone.com/reports/145355

  • advisory – Nextcloud
    Tags: Vendor Advisory
    Link: CONFIRM nextcloud.com/security/advisory/?id=nc-sa-2016-001

  • Advisory | ownCloud.org
    Tags: Vendor Advisory
    Link: CONFIRM owncloud.org/security/advisory/?id=oc-sa-2016-011 (inactive link, not archived)

Known Affected Configurations (CPE V2.3)

Type         Vendor     Product           Version  Update  Edition  Language
Application  Nextcloud  Nextcloud Server  All      All     All      All
Application  Owncloud   Owncloud          All      All     All      All

  • cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*