Description

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Remediation

References

CVE-2016-9460

Related Vulnerabilities

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6850)

WordPress Plugin Easy Registration Forms Cross-Site Request Forgery (2.1.1)

Ruby Resource Management Errors Vulnerability (CVE-2008-3443)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-40601)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Security Bypass (2.0.15)

Severity

Medium

Classification

CVE-2016-9460 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities