OwnCloud / NextCloud 10.0.1 Cross Site Scripting

Posted on 08 November 2016

Dear Community By comparing the advisory of NextCloud and OwnCloud I figured out that OwnCloud has multiple not patched vulnerabilities. You can see list here it seems all patches missing from latest Nextcloud 10.0.1 release in OwnCloud: https://nextcloud.com/security/advisories. This seems to include XSS vulns and more. An example exploit for one of the vulns would look like that: http://demo.owncloud.org/index.php/apps/gallery/#<script>alert(document.domain)</script>/%00 And also RhinosSecurity seem to have blogged about unfixed vulns in OwnCloud: https://rhinosecuritylabs.com/2016/10/operation-ownedcloud-exploitation-post-exploitation-persistence/i>>? Hope that OwnCloud fixes this soon! Cheers Matei Felix

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20