CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2016-9465
https://notcve.org/view.php?id=CVE-2016-9465
28 Mar 2017 — Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. Nextcloud Server en versiones anteriores a 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de XSS almacenado en la e... • https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2016-9466
https://notcve.org/view.php?id=CVE-2016-9466
28 Mar 2017 — Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability. Nextcloud Server en versiones anteriores a 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de Reflexed XSS en la aplicación Galería... • https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2016-9468
https://notcve.org/view.php?id=CVE-2016-9468
28 Mar 2017 — Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Nextcloud Server en versiones anteriores a 9.0.54 and 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de contenido de suplantación en la aplicación dav. El mensaje de excepción que se muestra en los puntos ... • https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f • CWE-284: Improper Access Control CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-5866
https://notcve.org/view.php?id=CVE-2017-5866
03 Mar 2017 — The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. La característica de autocompletar en el cuadro de diálogo del E-Mail en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos auten... • http://www.securityfocus.com/bid/96426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-5867
https://notcve.org/view.php?id=CVE-2017-5867
03 Mar 2017 — ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file. ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos autenticados provocar una denegación de servicio (cuelgue del servidor e inundación de archivos de reg... • http://www.securityfocus.com/bid/96430 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2017-5865
https://notcve.org/view.php?id=CVE-2017-5865
03 Mar 2017 — The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. La funcionalidad de reestablecimiento de contraseña en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones ant... • http://www.securityfocus.com/bid/96425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •