CVE-2016-9460

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
UI
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
nextcloudnextcloud
𝑥
≤ 9.0.51
owncloudowncloud
𝑥
≤ 9.0.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nextcloud
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
dne
owncloud
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97282
https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e
https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c
https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983
https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf
https://hackerone.com/reports/145463
https://nextcloud.com/security/advisory/?id=nc-sa-2016-003
https://owncloud.org/security/advisory/?id=oc-sa-2016-013
http://www.securityfocus.com/bid/97282
https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e
https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c
https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983
https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf
https://hackerone.com/reports/145463
https://nextcloud.com/security/advisory/?id=nc-sa-2016-003
https://owncloud.org/security/advisory/?id=oc-sa-2016-013