CVE-2016-7419
https://notcve.org/view.php?id=CVE-2016-7419
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. Vulnerabilidad de XSS en share.js en la aplicación de galería en ownCloud Server en versiones anteriores a 9.0.4 y Nextcloud Server en versiones anteriores a 9.0.52 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de directorio manipulado. • http://www.securityfocus.com/bid/92373 https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc https://hackerone.com/reports/145355 https://nextcloud.com/security/advisory/?id=nc-sa-2016-001 https://owncloud.org/security/advisory/?id=oc-sa-2016-011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •