VYPR
Medium severity5.4NVD Advisory· Published Mar 28, 2017· Updated Jun 17, 2026

CVE-2016-9465

CVE-2016-9465

Description

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Nextcloud/Server2 versions
    cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*range: >=10.0.0,<10.0.1
    • (no CPE)range: <10.0.1
  • cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
    Range: >=9.0.0,<9.0.6
  • OwnCloud/Serverllm-fuzzy
    Range: <9.0.6, <9.1.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.