Vulnerabilities > Nextcloud > Nextcloud Server > 5.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-08 | CVE-2017-0892 | Session Fixation vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | 4.3 |
| 2017-05-08 | CVE-2017-0891 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | 3.5 |
| 2017-05-08 | CVE-2017-0890 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. | 3.5 |
| 2017-04-05 | CVE-2017-0887 | Improper Input Validation vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. | 4.3 |
| 2017-04-05 | CVE-2017-0886 | Uncontrolled Recursion vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. | 6.5 |
| 2017-04-05 | CVE-2017-0885 | Information Exposure vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. | 4.3 |
| 2017-04-05 | CVE-2017-0884 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. | 4.3 |
| 2017-04-05 | CVE-2017-0883 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. | 5.5 |
| 2017-03-28 | CVE-2016-9468 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. | 5.0 |
| 2017-03-28 | CVE-2016-9467 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. | 5.0 |