OpenCVE

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Nextcloud Server
Owncloud	Owncloud

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:owncloud:owncloud::::::::
	cpe:2.3:a:owncloud:owncloud::::::::

No data.

References

Link	Providers
https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0
https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e
https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845
https://hackerone.com/reports/163338
https://nextcloud.com/security/advisory/?id=nc-sa-2016-008
https://owncloud.org/security/advisory/?id=oc-sa-2016-018

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2017-03-28T02:46:00

Updated: 2024-08-06T02:50:38.411Z

Reserved: 2016-11-19T00:00:00

Link: CVE-2016-9465

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-28T02:59:01.043

Modified: 2024-11-21T03:01:16.317

Link: CVE-2016-9465

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2", "vendor": "n/a", "versions": [{"status": "affected", "version": "Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-03-28T02:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/163338"}, {"tags": ["x_refsource_MISC"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2016-9465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2", "version": {"version_data": [{"version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008", "refsource": "MISC", "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"}, {"name": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"}, {"name": "https://hackerone.com/reports/163338", "refsource": "MISC", "url": "https://hackerone.com/reports/163338"}, {"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018", "refsource": "MISC", "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"}, {"name": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0", "refsource": "MISC", "url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"}, {"name": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845", "refsource": "MISC", "url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:50:38.411Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/163338"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2016-9465", "datePublished": "2017-03-28T02:46:00", "dateReserved": "2016-11-19T00:00:00", "dateUpdated": "2024-08-06T02:50:38.411Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "8288B81D-CA35-46EB-A7E7-B60B193E3F81", "versionEndExcluding": "10.0.1", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA8CCC5C-D019-4A80-BD8D-3914BFFC60C0", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E9501A9-E507-4A81-954B-D6D3223EE2F8", "versionEndExcluding": "9.1.2", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack."}, {"lang": "es", "value": "Nextcloud Server en versiones anteriores a 10.0.1 y ownCloud Server en versiones anteriores a 9.0.6 y 9.1.2 sufren de XSS almacenado en la exportaci\u00f3n de im\u00e1genes CardDAV. La funcionalidad de exportaci\u00f3n de im\u00e1genes CardDAV implementada en Nextcloud/ownCloud permite descargar im\u00e1genes almacenadas dentro de una vCard. Debido a que no realiza ning\u00fan tipo de verificaci\u00f3n en el contenido de la imagen, esto es propenso a un ataque de secuencias de comandos entre sitios."}], "id": "CVE-2016-9465", "lastModified": "2024-11-21T03:01:16.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-28T02:59:01.043", "references": [{"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"}, {"source": "support@hackerone.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"}, {"source": "support@hackerone.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/163338"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/server/commit/68ab8325c799d20c1fb7e98d670785176590e7d0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/6bf3be3877d9d9fda9c66926fe273fe79cbaf58e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/owncloud/core/commit/b5a5be24c418033cb2ef965a4f3f06b7b4213845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/163338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-018"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}