Cross-site scripting in Nextcloud Server - CVE-2017-0891

 


Published: May 8, 2017 / Updated: July 18, 2020


Vulnerability identifier: #VU31419
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-0891
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Nextcloud
Affected software:
Nextcloud Server

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

Nextcloud Server versions before 9.0.58, 10.0.5 and 11.0.3 are vulnerable to inadequate escaping of error messages, leading to XSS vulnerabilities in multiple components.


How to mitigate CVE-2017-0891

Install the update from the vendor's website.
