Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) the url parameter to apps/bookmarks/ajax/addBookmark.php.
[
  {
    "product": "ownCloud Server",
    "vendor": "ownCloud",
    "versions": [
      {
        "status": "affected",
        "version": "4.5.5"
      },
      {
        "status": "affected",
        "version": "4.0.10"
      },
      {
        "status": "affected",
        "version": "and earlier"
      }
    ]
  }
]