Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 unspecified parameters to apps/calendar/ajax/event/new.php or 2 url parameter to apps/bookmarks/ajax/addBookmark.php...