Description
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.
Remediation
References
Related Vulnerabilities
Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2023-33950)
WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)
WordPress Plugin Real WYSIWYG 'insert_file.php' Arbitrary File Upload (0.0.2)
WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4)