CVE-2016-9460
EUVD-2016-1026628.03.2017, 02:59
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nextcloud | nextcloud | 𝑥 ≤ 9.0.51 |
| owncloud | owncloud | 𝑥 ≤ 9.0.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-451 - User Interface (UI) Misrepresentation of Critical InformationThe user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
References