How severe is CVE-2016-9459?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2016-9459?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2016-9459 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.

Related Vulnerabilities

CVE-2020-25778

MEDIUM

CVSS:6.0(Medium)

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must firs...

CWE-2092020

CVE-2019-4420

MEDIUM

CVSS:6.2(Medium)

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 16...

CWE-2092019

CVE-2024-52896

MEDIUM

CVSS:6.2(Medium)

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

CWE-2092024

CVE-2024-52897

MEDIUM

CVSS:6.2(Medium)

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.

CWE-2092024

CVE-2024-52898

MEDIUM

CVSS:6.2(Medium)

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned.

CWE-2092024

CVE-2024-23945

MEDIUM

CVSS:5.9(Medium)

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying th...

CWE-2092024