CVE-2016-1498

MEDIUM

ownCloud Server <7.0.12-8.2.2 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2016-001

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (15)
owncloud/owncloud 8.2.0
owncloud/owncloud 8.2.1
owncloud/owncloud < 7.0.11
owncloud/owncloud_server 8.0.0
owncloud/owncloud_server 8.0.2
owncloud/owncloud_server 8.0.3
owncloud/owncloud_server 8.0.4
owncloud/owncloud_server 8.0.5
owncloud/owncloud_server 8.0.6
owncloud/owncloud_server 8.0.8
... and 5 more
Published Jan 08, 2016
Tracked Since Feb 18, 2026