CVE-2017-0888User Interface (UI) Misrepresentation of Critical Information in Nextcloud

CWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NextcloudNextcloud Server
Timeline
PublishedApr 5
Latest updateMay 17

Description

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5nextcloud/nextcloud_serverAll versions before 9.0.55 and 10.0.2

Patches

Patch: nextcloud.comPatch: nextcloud.com

🔴Vulnerability Details

2
GHSA
GHSA-vm7h-q75f-9ph4: Nextcloud Server before 92022-05-17
CVEList
CVE-2017-0888: Nextcloud Server before 92017-04-05

💥Exploits & PoCs

1
Exploit-DB
Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection2017-12-08
CVE-2017-0888 — Nextcloud vulnerability | cvebase