Description

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Remediation

References

CVE-2016-9460

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4289)

WordPress Plugin Unite Gallery Lite Multiple Vulnerabilities (1.4.6)

Joomla! Core 2.5.x SQL Injection (2.5.0 - 2.5.1)

IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2020-4965)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Multiple Vulnerabilities (3.63)

Severity

Medium

Classification

CVE-2016-9460 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities