5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.9%
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
www.securityfocus.com/bid/92373
github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc
hackerone.com/reports/145355
nextcloud.com/security/advisory/?id=nc-sa-2016-001
owncloud.org/security/advisory/?id=oc-sa-2016-011