CVE-2016-1498

MEDIUM

ownCloud Server <7.0.12-8.2.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

References (1)

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (15)

owncloud/owncloud < 7.0.11
owncloud/owncloud
owncloud/owncloud
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server

Timeline

Published Jan 08, 2016
Tracked Since Feb 18, 2026