Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudOwnCloudOC-SA-2012-020
HistoryJul 11, 2012 - 11:42 a.m.

Server: Multiple reflected XSS

2012-07-1111:42:22
owncloud.org
37

EPSS

0.002

Percentile

57.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via

  • file names to apps/user_ldap/settings.php
  • url or title parameter to apps/bookmarks/ajax/editBookmark.php
  • tag or page parameter to apps/bookmarks/ajax/updateList.php
  • identity to apps/user_openid/settings.php
  • stack name in apps/gallery/lib/tiles.php
  • root parameter to apps/gallery/templates/index.php
  • calendar displayname in apps/calendar/templates/part.import.php
  • calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php
  • title, location, or description parameter in apps/calendar/lib/object.php
  • certain vectors in core/js/multiselect.js
  • artist, album, or title comments parameter in apps/media/lib_scanner.php

For more information please consult the official advisory.

This advisory is licensed CC BY-SA 4.0

Related

cve 1
owncloud 5
ubuntucve 1
openvas 1
nvd 1
prion 1
cvelist 1
cve
cve
CVE-2012-4395
2012-09-05 23:55:03
owncloud
owncloud
Multiple reflected XSS - ownCloud
2012-07-11 17:24:59
Multiple stored XSS - ownCloud
2012-07-04 17:25:57
Reflected XSS - ownCloud
2012-06-23 17:23:20
ubuntucve
ubuntucve
CVE-2012-4395
2012-09-05 00:00:00
openvas
openvas
ownCloud < 4.0.3 XSS Vulnerability (oC-SA-2012-019)
2021-09-21 00:00:00
nvd
nvd
CVE-2012-4395
2012-09-05 23:55:03
prion
prion
Cross site scripting
2012-09-05 23:55:00
cvelist
cvelist
CVE-2012-4395
2012-09-05 23:00:00

EPSS

0.002

Percentile

57.9%

JSON
Related for OC-SA-2012-020
cve1owncloud5ubuntucve1openvas1nvd1prion1cvelist1