Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:6EE3648B115A40E9B394F0288617873BHistoryJul 20, 2012 - 5:20 p.m.
Reflected XSS in the file list - ownCloud
2012-07-2017:20:32
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
27
0.002 Low
EPSS
Percentile
53.5%
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Affected Software
- ownCloud Server < 4.0.5 (CVE-2012-4394)
Action Taken
It is recommended that all instances are upgraded to ownCloud Server 4.0.5.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 4.0.5 |
Related
ubuntucve
ubuntucve
CVE-2012-4394
2012-09-05 00:00:00
cvelist
cvelist
CVE-2012-4394
2022-10-03 16:15:33
owncloud
owncloud
Server: Reflected XSS in the file list
2012-07-20 11:42:22
nvd
nvd
CVE-2012-4394
2012-09-05 23:55:02
cve
cve
CVE-2012-4394
2022-10-03 16:15:33
prion
prion
Cross site scripting
2012-09-05 23:55:00
openvas
openvas
ownCloud < 4.0.5 Multiple Vulnerabilities (oC-SA-2012-018)
2021-09-21 00:00:00