GCVE - cpe:2.3:a:n/a:nextcloud_server_&_owncloud_server_nextcloud_server_before_10.0.1_&_owncloud_server_before_9.0.6_and

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:nextcloud_server_&_owncloud_server_nextcloud_server_before_10.0.1_&_owncloud_server_before_9.0.6_and_9.1.2:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Nextcloud Server & Owncloud Server Nextcloud Server Before 10.0.1 & Owncloud Server Before 9.0.6 And 9.1.2 (`53a7e04a-0dd3-5951-985a-9587f3fcc4fb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-9466`	vulnerable	2026-06-08 05:08:23.953032	Details available Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability. Published: 2017-03-28T02:46:00.000Z Updated: 2024-08-06T02:50:38.485Z Open on db.gcve.eu Reference links https://nextcloud.com/security/advisory/?id=nc-sa-2016-009 https://github.com/nextcloud/gallery/commit/f9ef505c1d60c9041e251682e0f6b3daad952d58 https://hackerone.com/reports/165686 https://owncloud.org/security/advisory/?id=oc-sa-2016-019 https://github.com/owncloud/gallery/commit/dc4887f1afcc0cf304f4a0694075c9364298ad8a	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9465`	vulnerable	2026-06-08 05:08:23.952296	Details available Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack. Published: 2017-03-28T02:46:00.000Z Updated: 2024-08-06T02:50:38.411Z Open on db.gcve.eu Reference links https://nextcloud.com/security/advisory/?id=nc-sa-2016-008 https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e https://hackerone.com/reports/163338 https://owncloud.org/security/advisory/?id=oc-sa-2016-018 https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Nextcloud Server & Owncloud Server Nextcloud Server Before 10.0.1 & Owncloud Server Before 9.0.6 And 9.1.2

PURL mappings

Vulnerability references

Contribute