CVE-2017-0891 — Cross-site Scripting in Server

CWE-79 — Cross-site Scripting8 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 59.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedMay 8

Latest updateMay 13

Description

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server10.0.0 — 10.0.5+2

▶CVEListV5nextcloud/nextcloud_serverbefore 9.0.58 and 10.0.5 and 11.0.3

🔴Vulnerability Details

GHSA

GHSA-qxf8-5jgm-xwxj: Nextcloud Server before 9↗2022-05-13

▶

CVEList

CVE-2017-0891: Nextcloud Server before 9↗2017-05-08

▶

💬Community

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 owncloud: nextcloud: Multiple security issues [epel-7]↗2017-05-16

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 owncloud: nextcloud: Multiple security issues [fedora-all]↗2017-05-16

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 nextcloud: Multiple security issues [fedora-all]↗2017-05-09

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 nextcloud: Multiple security issues [epel-7]↗2017-05-09

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 nextcloud: Multiple security issues↗2017-05-09

▶