Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-28 CVE-2016-9466 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application.
network
low complexity
owncloud nextcloud CWE-79
6.1
6.1
2017-03-28 CVE-2016-9465 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export.
network
low complexity
owncloud nextcloud CWE-79
5.4
5.4
2017-03-28 CVE-2016-9464 Improper Authorization vulnerability in Nextcloud Server
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares.
network
low complexity
nextcloud CWE-285
4.3
4.3
2017-03-28 CVE-2016-9462 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
network
low complexity
owncloud nextcloud CWE-284
4.3
4.3
2017-03-28 CVE-2016-9461 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions.
network
low complexity
owncloud nextcloud CWE-284
4.3
4.3
2017-03-28 CVE-2016-9460 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app.
network
low complexity
nextcloud owncloud CWE-284
5.3
5.3
2017-03-28 CVE-2016-9459 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS.
network
low complexity
owncloud nextcloud CWE-79
6.1
6.1
2017-03-28 CVE-2016-9457 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Reflected XSS.
network
low complexity
revive-adserver CWE-79
5.4
5.4
2017-03-28 CVE-2016-9454 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Persistent XSS.
network
low complexity
revive-adserver CWE-79
5.4
5.4
2017-03-28 CVE-2016-9130 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Persistent XSS.
network
low complexity
revive-adserver CWE-79
5.4
5.4