Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-8896 Cross-site Scripting vulnerability in Owncloud
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
network
owncloud CWE-79
4.3
2017-03-28 CVE-2016-9468 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9467 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9466 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application.
4.3
2017-03-28 CVE-2016-9465 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export.
3.5
2017-03-28 CVE-2016-9463 Improper Authentication vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass.
6.8
2017-03-28 CVE-2016-9462 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9461 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9460 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9459 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS.
4.3