Lucene search

K
prionPRIOn knowledge basePRION:CVE-2016-9459
HistoryMar 28, 2017 - 2:59 a.m.

Design/Logic Flaw

2017-03-2802:59:00
PRIOn knowledge base
www.prio-n.com
3

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.6%

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.

CPENameOperatorVersion
nextcloud_serverlt9.0.52
owncloudlt9.0.4

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.6%