CVE-2016-7419

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-7419

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7419.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-7419

Published

2016-09-17T21:59:11.777Z

Modified

2025-12-09T11:52:44.685052Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.

References

Affected packages

Git / github.com/nextcloud/gallery

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/gallery
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6933d27afe518967bd1b60e6a7eacd88288929fc

Affected versions

2.*

2.0.0

2.0.10

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

8.*

8.0.11

v1.*

v1.0-rc1

Other

v12-stable8

v8.*

v8.2RC1

v8.2RC2

v8.2beta1

v9.*

v9.0.0

v9.0.0RC1

v9.0.0RC2

v9.0.0RC3

v9.0.0beta2

v9.0.1

v9.0.1RC1

v9.0.1RC2

v9.0.1beta

v9.0.2

v9.0.2RC1

v9.0.2RC2

v9.0.3

v9.0.3RC1

v9.0beta1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7419.json"

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-7419.json"