PT-2017-10150 · Mozilla+3 · Firefox+3

Alejo Popovici

Publicado

2017-03-28

Atualizado

2019-10-09

CVE-2016-9459

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 9.0.52 ownCloud Server versions prior to 9.0.4

Description The issue concerns a log pollution vulnerability that could potentially lead to a local XSS. The download log functionality in the admin screen delivers logs in JSON format. However, in certain browser configurations, such as Firefox on Microsoft Windows, the log data can be opened as an HTML document, allowing any injected data in the log to be executed.

Recommendations For Nextcloud Server versions prior to 9.0.52, update to version 9.0.52 or later. For ownCloud Server versions prior to 9.0.4, update to version 9.0.4 or later.

Exploit

Correção

XSS

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-209

Identificadores relacionados

CVE-2016-9459

Produtos afetados

Firefox

Windows

Nextcloud Server

Owncloud Server

PT-2017-10150 · Mozilla+3 · Firefox+3

CVE-2016-9459

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11