CVE-2017-0891

MEDIUM

Nextcloud Server <9.0.58, 10.0.5, 11.0.3 - XSS

Title source: llm
STIX 2.1

Description

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://hackerone.com/reports/216812

Scores

CVSS v3 5.4
EPSS 0.0064
EPSS Percentile 46.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
Nextcloud/Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3
nextcloud/nextcloud_server < 9.0.58
Published May 08, 2017
Tracked Since Feb 18, 2026