Vulnerabilities > Nextcloud > Nextcloud Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-05 | CVE-2017-0883 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. | 6.4 |
| 2017-03-28 | CVE-2016-9468 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. | 5.3 |
| 2017-03-28 | CVE-2016-9467 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. | 5.3 |
| 2017-03-28 | CVE-2016-9466 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. | 6.1 |
| 2017-03-28 | CVE-2016-9465 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. | 5.4 |
| 2017-03-28 | CVE-2016-9464 | Improper Authorization vulnerability in Nextcloud Server Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. | 4.3 |
| 2017-03-28 | CVE-2016-9462 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. | 4.3 |
| 2017-03-28 | CVE-2016-9461 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. | 4.3 |
| 2017-03-28 | CVE-2016-9459 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. | 6.1 |
| 2016-09-17 | CVE-2016-7419 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name. | 5.4 |