Medium severity 6.1 · NVD Advisory · Published Mar 28, 2017 · Updated Jun 17, 2026

CVE-2016-9459

Description

Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4 are vulnerable to log pollution, potentially leading to a local XSS. The download log functionality in the admin screen delivers the log to the end user in JSON format. The file was delivered with an attachment disposition, forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user the option to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.

Affected products

  • Nextcloud/Server (2 versions)
    • cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* (range: <9.0.52)
    • (no CPE) (range: <9.0.52)
  • cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
    Range: <9.0.4
  • OwnCloud/Server (llm-fuzzy)
    Range: <9.0.4
