CVE-2016-9459 (retired)

Priority
Description
Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4 are
affected by a log pollution vulnerability potentially leading to a local
XSS. The download log functionality in the admin screen delivers the
log in JSON format to the end user. The file was delivered with an
attachment disposition, forcing the browser to download the document.
However, Firefox running on Microsoft Windows would offer to open
the data in the browser as an HTML document. Thus any injected data in the
log would be executed.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
More Information

Updated: 2019-03-26 12:23:33 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)