nextcloud, owncloud
2017-10-23 14:15
2017-06-16 19:21
2017-05-10 23:45
2017-04-14 10:19
2017-04-01 21:42
2017-03-28 21:03


Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information



Release Package Reason
precise nextcloud DNE
owncloud ignored
precise/esm nextcloud DNE
owncloud DNE
trusty nextcloud DNE
vivid/stable-phone-overlay nextcloud DNE
owncloud DNE
vivid/ubuntu-core nextcloud DNE
owncloud DNE
xenial nextcloud DNE
owncloud DNE
yakkety nextcloud DNE
owncloud DNE
zesty nextcloud DNE
owncloud DNE
artful nextcloud DNE
owncloud DNE
devel nextcloud DNE
owncloud DNE

Needs Triage

Release Package Reason
upstream nextcloud needs-triage
owncloud needs-triage
trusty owncloud needs-triage