CVE-2014-9041

2015-02-0418:00:00

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.4%

JSON

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

References

owncloud.org/security/advisory/?id=oc-sa-2014-027