CVE-2017-0891

Description

Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.

Affected products

• nextcloud / nextcloud/serverbefore 9.0.58 and 10.0.5 and 11.0.3 – before 9.0.58 and 10.0.5 and 11.0.3

References

• MISChttps://nextcloud.com/security/advisory/?id=nc-sa-2017-008
• MISChttps://hackerone.com/reports/216812