ownCloud advisory OWNCLOUD:2A279B7C7F7FB3FC7DADF5F77A47729B
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
May 24, 2013 - 6:25 p.m.

Multiple XSS - ownCloud

owncloud.org

EPSS: 0.001 (Low), percentile 50.2%

Because not all user-provided input was sanitised, the ownCloud versions listed below are vulnerable to several XSS attack vectors.

ownCloud's Content-Security-Policy instructs browsers to disable inline JavaScript execution; this vulnerability is therefore likely not exploitable if you use a browser that fully supports the current CSP standard.

Affected Software

  • ownCloud Server < 6.0.3 (CVE-2014-3832, CVE-2014-3833)
  • ownCloud Server < 5.0.16 (CVE-2014-3833)

Action Taken

ownCloud offers the function p(), which encodes potentially dangerous input using htmlspecialchars(). We have reviewed whether its potentially insecure counterpart print_unescaped() was used in other places and replaced unneeded occurrences with the safe variant.

This review helped us to discover vulnerabilities in the following components.

stable6

  • Gallery (stored) (CVE-2014-3833)
  • ownCloud core (stored + reflected) (CVE-2014-3833)
  • Documents (stored) (CVE-2014-3832)

stable5

  • Gallery (stored) (CVE-2014-3833)
  • ownCloud core (stored + reflected) (CVE-2014-3833)
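The review described under Action Taken can be approximated with a small audit script. This is an added example, not ownCloud's own tooling: it lists every print_unescaped() call in a template and separates calls whose argument is a fixed string literal from calls that pass a variable or expression and therefore need a manual check or a switch to p(). The sample template, its variable names and the file name are constructed for illustration, and the regex matching is a heuristic rather than a PHP parser.

```python
import re

# A print_unescaped( ... ) call, captured up to the closing ");" or ") ?>".
CALL = re.compile(r"print_unescaped\s*\((.*?)\)\s*(?:;|\?>)", re.S)
# Argument is a single quoted literal with no "$" interpolation: static markup.
LITERAL = re.compile(r"""^\s*(?:'[^']*'|"[^"$]*")\s*$""")

def audit(source, filename="<template>"):
    """Return (filename, line, verdict, argument) for each print_unescaped() call.

    verdict is "static" for a plain string literal and "review" for anything
    else (variables, function calls, concatenation), which may carry user input.
    """
    findings = []
    for match in CALL.finditer(source):
        arg = match.group(1).strip()
        line = source.count("\n", 0, match.start()) + 1
        verdict = "static" if LITERAL.match(arg) else "review"
        findings.append((filename, line, verdict, arg))
    return findings

# Constructed sample template (not taken from ownCloud's code base).
SAMPLE = '''<div class="album">
  <h2><?php print_unescaped($_['albumName']); ?></h2>
  <?php print_unescaped('<br class="clear" />'); ?>
  <p><?php p($_['owner']); ?></p>
  <span><?php print_unescaped($l->t('Shared by %s', array($_['owner']))); ?></span>
</div>
'''

if __name__ == "__main__":
    for name, line, verdict, arg in audit(SAMPLE, "gallery_sample.php"):
        print(f"{name}:{line}: {verdict:6} print_unescaped({arg})")
```

Calls reported as "review" are candidates, not confirmed vulnerabilities; each one still needs a check of where its argument comes from.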

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
