CVE-2012-4397

2022-10-0316:15:33

redhat

www.cve.org

owncloud

cross-site scripting

xss

vulnerabilities

web script

html

calendar

displayname

choosecalendar

rowfields

shared

contacts

vcard

php

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.