Lucene search
OwnCloudOC-SA-2014-010HistoryMay 24, 2014 - 11:54 a.m.
Server: Multiple XSS
2014-05-2411:54:29
owncloud.org
14
EPSS
0.001
Percentile
50.1%
Due to not sanitising all user provided input the below mentioned ownCloud versions are vulnerable against several XSS attack vectors.
ownCloud advises browsers to disable inline JavaScript execution due to the used Content-Security-Policy, this vulnerability is therefore likely not exploitable if you use a browser that fully supports the current CSP standard.
For more information please consult the official advisory.
This advisory is licensed CC BY-SA 4.0
Related
owncloud
owncloud
Multiple XSS - ownCloud
2013-05-24 18:25:28
cvelist
cvelist
CVE-2014-3832
2014-06-04 14:00:00
CVE-2014-3833
2014-06-04 14:00:00
prion
prion
Cross site scripting
2014-06-04 14:55:00
Cross site scripting
2014-06-04 14:55:00
ubuntucve
ubuntucve
CVE-2014-3832
2014-06-04 00:00:00
CVE-2014-3833
2014-06-04 00:00:00
cve
cve
CVE-2014-3832
2014-06-04 14:55:04
CVE-2014-3833
2014-06-04 14:55:04
nvd
nvd
CVE-2014-3832
2014-06-04 14:55:04
CVE-2014-3833
2014-06-04 14:55:04
openvas
openvas
ownCloud Multiple Vulnerabilities-04 (Jul 2014)
2014-07-03 00:00:00
ownCloud Multiple Vulnerabilities-03 (Jul 2014)
2014-07-03 00:00:00