Vulnerabilities > Nextcloud > Nextcloud Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-28 CVE-2016-9459 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS.
network
low complexity
owncloud nextcloud CWE-79
6.1
6.1
2016-09-17 CVE-2016-7419 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
network
low complexity
nextcloud owncloud CWE-79
5.4
5.4