CVE-2016-9465
Published: Mar 28, 2017
Modified: Aug 6, 2024
Description
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 | affected Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now