CVE-2016-1498

Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.
Cross-site Scripting
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
owncloudowncloud
𝑥
≤ 7.0.11
owncloudowncloud
8.0.0
owncloudowncloud
8.0.2
owncloudowncloud
8.0.3
owncloudowncloud
8.0.4
owncloudowncloud
8.0.5
owncloudowncloud
8.0.6
owncloudowncloud
8.0.8
owncloudowncloud
8.0.9
owncloudowncloud
8.1.0
owncloudowncloud
8.1.1
owncloudowncloud
8.1.3
owncloudowncloud
8.1.4
owncloudowncloud
8.2.0
owncloudowncloud
8.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
owncloud
wily
dne
vivid
dne
trusty
dne
precise
not-affected