Description

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.

Remediation

References

CVE-2017-8896

Related Vulnerabilities

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1098)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8091)

WordPress Plugin Simply Static Arbitrary File Download (1.6.2)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-3164)

Severity

Medium

Classification

CVE-2017-8896 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities