CVE-2017-0891

EPSS 0.6%CWE-79

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

Affected products

Nextcloud · Nextcloud Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://hackerone.com/reports/216812 https://nextcloud.com/security/advisory/?id=nc-sa-2017-008