CVE-2017-0891

Summary

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

Affected Software

VendorProductVersion RangeStatus
NextcloudNextcloud Serverbefore 9.0.58 and 10.0.5 and 11.0.3affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References