Reflected XSS in Gallery application
Platform: ownCloud Server
Versions: 9.0.6, 9.1.2,
Risk level: Medium
CVSS v3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
HackerOne report: 165686
The gallery app was not properly sanitizing exception messages from the ownCloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability.
- ownCloud Server < 9.1.2 (CVE-2016-????)
- ownCloud Server < 9.0.6 (CVE-2016-????)
Error messages are now properly sanitized.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Aliaksei Panamarenka – Vulnerability discovery and disclosure.