CVE-2016-9465

by Fred · 27/03/2017

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.

Date published : 2017-03-27

https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0

https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e

CVE-2016-9465

Similar

Recent Posts

Categories

CVE-2016-9465

Share this:

Similar

Recent Posts

Categories

Tags