Lucene search

[email protected]NVD:CVE-2012-2269

HistoryApr 20, 2012 - 10:55 a.m.

CVE-2012-2269

2012-04-2010:55:01

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.

Affected configurations

NVD

Node

owncloudowncloudRange≤3.0.2

owncloudowncloudMatch3.0.0

owncloudowncloudMatch3.0.1

References

archives.neohapsis.com/archives/bugtraq/2012-04/0127.html

osvdb.org/81206

osvdb.org/81207

osvdb.org/81208

osvdb.org/81209

osvdb.org/81210

owncloud.org/security/advisories/CVE-2012-2269/

secunia.com/advisories/48850

www.openwall.com/lists/oss-security/2012/08/11/1

www.openwall.com/lists/oss-security/2012/09/02/2

www.securityfocus.com/bid/53145

www.tele-consulting.com/advisories/TC-SA-2012-01.txt

exchange.xforce.ibmcloud.com/vulnerabilities/75028

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Related for NVD:CVE-2012-2269

cve2 prion2 ubuntucve2 cvelist2 securityvulns2 packetstorm1 nvd1 openvas1