Medium severity5.4OSV Advisory· Published Sep 17, 2016· Updated Jun 17, 2026
CVE-2016-7419
CVE-2016-7419
Description
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: <9.0.52
Patches
Vulnerability mechanics
References
5- github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fcnvdPatch
- hackerone.com/reports/145355nvdExploitMailing ListThird Party Advisory
- nextcloud.com/security/advisory/nvdVendor Advisory
- owncloud.org/security/advisory/nvdVendor Advisory
- www.securityfocus.com/bid/92373nvd
News mentions
0No linked articles in our index yet.