2 matches found
CVE-2013-0298
OwnCloud 4.5.x is vulnerable to multiple XSS via (1) an iCalendar file in the calendar app, (2) the dir or (3) file parameters to apps/files_pdfviewer/viewer.php, or (4) the mountpoint parameter to /apps/files_external/addMountPoint.php. Root cause: improper handling of untrusted input in these c...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the "sitename" and "siteurl" POST parameters to setsites.php in /apps/external/ajax/ CVE-2013-0297 Commits: e0140a stable45,...