Lucene search
Ahsan Khan – Vulnerability discovery and disclosure.OWNCLOUD:8FFF42091609312D8C25A49A8AD430BAHistoryMay 31, 2017 - 11:35 a.m.
XSS in search dialogue - ownCloud
2017-05-3111:35:54
Ahsan Khan – Vulnerability discovery and disclosure.
owncloud.org
497
EPSS
0.001
Percentile
21.6%
Inadequate escaping lead to XSS vulnerability in the search module. To be exploitable an user has to write or paste malicious content into the search dialogue.
Affected Software
- ownCloud Server < 10.0.2 (CVE-2017-9338)
- ownCloud Server < 9.1.6 (CVE-2017-9338)
- ownCloud Server < 9.0.10 (CVE-2017-9338)
- ownCloud Server < 8.2.12 (CVE-2017-9338)
Action Taken
Escape output
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Ahsan Khan - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0. Original source: nextcloud.com
Related
cvelist
cvelist
CVE-2017-9338
2017-07-17 21:00:00
nvd
nvd
CVE-2017-9338
2017-07-17 21:29:00
owncloud
owncloud
XSS in search dialogue - ownCloud
2017-05-31 11:37:41
Server: XSS in search dialogue
2017-05-31 10:39:57
ubuntucve
ubuntucve
CVE-2017-9338
2017-07-17 00:00:00
prion
prion
Cross site scripting
2017-07-17 21:29:00
cve
cve
CVE-2017-9338
2017-07-17 21:29:00
osv
osv
CVE-2017-9338
2017-07-17 21:29:00
openvas
openvas
ownCloud Multiple XSS Vulnerabilities
2017-07-19 00:00:00