- Risk: medium
- CVSS v3 Base Score: 4.7
- CVSS v3 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
- CWE ID: CWE-79
- CWE Name: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Description
The login page was not properly sanitizing exception messages from the ownCloud server.
Affected
ownCloud/core version < 10.5 (CVE-2020-16255)
Action taken
Error messages are now properly sanitized