Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
owncloudMateusz Goik – AliantSoft – Vulnerability discovery and disclosure.OWNCLOUD:BBC0BB401D090E2BEC328E74D4543615
HistoryJun 06, 2013 - 6:14 p.m.

Multiple XSS vulnerabilities - ownCloud

2013-06-0618:14:16
Mateusz Goik – AliantSoft – Vulnerability discovery and disclosure.
owncloud.org
16

EPSS

0.001

Percentile

30.0%

JSON

Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. (CVE-2013-2150)

Cross-site scripting (XSS) vulnerabilities in core/js/oc-dialogs.js via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and other versions before 4.0.16 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. (CVE-2013-2149)

Affected Software

  • ownCloud Server < 5.0.7 (CVE-2013-2150, CVE-2013-2149)
  • ownCloud Server < 4.5.12 (CVE-2013-2150, CVE-2013-2149)
  • ownCloud Server < 4.0.16 (CVE-2013-2149)

Action Taken

It is recommended that all instances are upgraded to ownCloud Server 5.0.7.

Acknowledgements

The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:

  • Mateusz Goik - AliantSoft - Vulnerability discovery and disclosure.

Related

mageia 1
nessus 3
openvas 5
owncloud 1
ubuntucve 2
cvelist 2
cve 2
prion 2
nvd 2
fedora 1
freebsd 1
mageia
mageia
Updated owncloud package fixes security vulnerabilities
2013-06-18 18:58:38
nessus
nessus
Mandriva Linux Security Advisory : owncloud (MDVSA-2013:175)
2013-06-18 00:00:00
FreeBSD : owncloud -- Multiple security vulnerabilities (d7a43ee6-d2d5-11e2-9894-002590082ac6)
2013-06-12 00:00:00
Fedora 18 : owncloud-4.5.12-1.fc18 (2013-10440)
2013-07-12 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0171)
2022-01-28 00:00:00
ownCloud Multiple Cross Site Scripting Vulnerabilities -02 (May 2014)
2014-05-06 00:00:00
ownCloud Multiple Cross Site Scripting Vulnerabilities -03 (May 2014)
2014-05-06 00:00:00
owncloud
owncloud
Server: Multiple XSS vulnerabilities
2013-06-06 11:42:22
ubuntucve
ubuntucve
CVE-2013-2149
2014-03-14 00:00:00
CVE-2013-2150
2014-03-14 00:00:00
cvelist
cvelist
CVE-2013-2149
2014-03-14 16:00:00
CVE-2013-2150
2014-03-14 16:00:00
cve
cve
CVE-2013-2149
2014-03-14 16:55:05
CVE-2013-2150
2014-03-14 16:55:05
prion
prion
Cross site scripting
2014-03-14 16:55:00
Cross site scripting
2014-03-14 16:55:00
nvd
nvd
CVE-2013-2150
2014-03-14 16:55:05
CVE-2013-2149
2014-03-14 16:55:05
fedora
fedora
[SECURITY] Fedora 18 Update: owncloud-4.5.12-1.fc18
2013-06-24 03:27:14
freebsd
freebsd
owncloud -- Multiple security vulnerabilities
2013-05-14 00:00:00

EPSS

0.001

Percentile

30.0%

JSON
Related for OWNCLOUD:BBC0BB401D090E2BEC328E74D4543615
mageia1nessus3openvas5owncloud1ubuntucve2cvelist2cve2prion2nvd2fedora1freebsd1