Description

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.

Remediation

References

CVE-2017-8896

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)

RubyGems Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-1000073)

SharePoint Other Vulnerability (CVE-2020-1147)

WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Scripting (2.70)

PostgreSQL Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-7348)

Severity

Medium

Classification

CVE-2017-8896 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities