CVE-2016-1498 — Cross-site Scripting in Owncloud

CWE-79 — Cross-site Scripting7 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 51.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedJan 8

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDowncloud/owncloud_server12 versions+11

▶NVDowncloud/owncloud7.0.11+2

🔴Vulnerability Details

GHSA

GHSA-vjwh-5g7w-qqh8: Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7↗2022-05-17

▶

CVEList

CVE-2016-1498: Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7↗2016-01-08

▶

💬Community

Bugzilla

CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery [epel-6]↗2016-01-11

▶

Bugzilla

CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery↗2016-01-11

▶

Bugzilla

CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery [fedora-all]↗2016-01-11

▶

Bugzilla

CVE-2016-1498 owncloud: reflected XSS in OCS provider discovery [epel-7]↗2016-01-11

▶