Lucene search
Mathias Karlsson – Detectify – Vulnerability discovery and disclosure of CVE-2013-0201., Ahmad Ashraff – Vulnerability discovery and disclosure of CVE-2013-0202., Frans Rosén – Detectify – Vulnerability discovery and disclosure of CVE-2012-0203.OWNCLOUD:916D7CAC0D46BF7D36FE82C557690043HistoryJan 22, 2013 - 5:26 p.m.
Multiple XSS vulnerabilities - ownCloud
2013-01-2217:26:49
Mathias Karlsson – Detectify – Vulnerability discovery and disclosure of CVE-2013-0201., Ahmad Ashraff – Vulnerability discovery and disclosure of CVE-2013-0202., Frans Rosén – Detectify – Vulnerability discovery and disclosure of CVE-2012-0203.
owncloud.org
29
0.004 Low
EPSS
Percentile
74.9%
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5 and 4.0.10 and all prior versions allow remote attackers to inject arbitrary web script or HTML via
- the GET parameters to resetpassword.php in core/lostpassword/templates/ (CVE-2013-0201)
- Commits: c05c8ab (stable45), 4e2b834 (stable4)
- Risk: Medium
- Note: This is a reflected XSS, which can be only abused using Internet Explorer 9 and prior.
- the mime parameter to mimeicon.php in apps/files/ajax/ (CVE-2013-0201)
- Commits: b8e0309 (stable45), f603454 (stable4)
- Risk: Medium
- Note: This is a reflected XSS, which only affects ownCloud versions hosted by Windows.
- the token parameter to sharing.php in apps/gallery/ (CVE-2013-0201)
- Commits: 34ac2f5 (stable45), f71f0ad (stable4)
- Risk: Medium
- Note: This is a reflected XSS, for a successful exploitation the “gallery” app needs to be enabled.
- the action parameter to sharing.php in core/ajax/ (CVE-2013-0202)
- Commits: fb334f3 (stable45), 306d5ee (stable4)
- Risk: Low
- Note: This is a self XSS, for a successful exploitation the user needs to enter malicious Javascript on his own.
- the POST parameters to new.php in apps/calendar/ajax/event/ (CVE-2013-0203)
- Commits: 9e6ba80e (stable45), 708bd (stable4)
- Risk: High
- Note: This is a stored XSS, for a successful exploitation the “calendar” app needs to be enabled. An authenticated remote attacker may be able to share this crafted event with other users.
- the url parameter to addBookmark.php in apps/bookmarks/ajax/ (CVE-2013-0203)
- Commits: 6aba1e8 (stable45), 3f37063 (stable4)
- Risk: Low
- Note: This is a stored XSS, for a successful exploitation the “bookmarks” app needs to be enabled.
Affected Software
- ownCloud Server < 4.0.11 (CVE-2013-0201, CVE-2013-0202, CVE-2013-0203)
- ownCloud Server < 4.5.6 (CVE-2013-0201, CVE-2013-0202, CVE-2013-0203)
Action Taken
It is recommended that all instances are upgraded to ownCloud Server 4.0.11 or 4.5.6.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Mathias Karlsson - Detectify - Vulnerability discovery and disclosure of CVE-2013-0201.
- Ahmad Ashraff - Vulnerability discovery and disclosure of CVE-2013-0202.
- Frans Rosén - Detectify - Vulnerability discovery and disclosure of CVE-2012-0203.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 4.0.11 | |
| owncloud server | lt | 4.5.6 |
Related
owncloud
owncloud
Server: Multiple XSS vulnerabilities
2013-01-22 10:42:22
openvas
openvas
ownCloud Multiple XSS Vulnerabilities-01 (Apr 2014)
2014-04-04 00:00:00
ownCloud <= 4.0.10, 4.5.x <= 4.5.5 Multiple Vulnerabilities - Active Check
2013-01-24 00:00:00
ubuntucve
ubuntucve
prion
prion
Cross site scripting
2013-01-31 12:06:00
Cross site scripting
2019-11-22 19:15:00
Cross site scripting
2019-12-17 18:15:00
nvd
nvd
cvelist
cvelist
cve
cve
ibm
ibm