Nextcloud server 12.0.5App password scope can be changed for other users
Reflected XSS in Gallery application (NC-SA-2016-009)
10th October 2016
Risk level: Medium
CVSS v3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
HackerOne report: 165686
The gallery app was not properly sanitizing exception messages from the Nextcloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability.
- Nextcloud Server < 10.0.1 (CVE-2016-9466)
Error messages are now properly sanitized.
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Aliaksei Panamarenka - Vulnerability discovery and disclosure.
This advisory is licensed CC BY-SA 4.0.