Vulnerability Description
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
CVSS Score
5.4
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 9.0.58 |
Related Weaknesses (CWE)
References
- https://hackerone.com/reports/216812Third Party AdvisoryVDB Entry
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-008Vendor Advisory
- https://hackerone.com/reports/216812Third Party AdvisoryVDB Entry
- https://nextcloud.com/security/advisory/?id=nc-sa-2017-008Vendor Advisory
FAQ
What is CVE-2017-0891?
CVE-2017-0891 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
How severe is CVE-2017-0891?
CVE-2017-0891 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0891?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.