3 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this c...
CVE-2014-9041
The CVE-2014-9041 entry concerns ownCloud bookmarks import functionality lacking CSRF token validation. Affected versions: server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3. Root cause: missing CSRF protection in the import flow, enabling CSRF attacks from remote attackers. Reported im...
CVE-2014-9042
CVE-2014-9042 is an XSS in the import functionality of the ownCloud bookmarks app, affecting versions prior to 5.0.18, 6.x prior to 6.0.6, and 7.x prior to 7.0.3. The vulnerability allows remote authenticated users to inject arbitrary script/HTML by importing a link with an unspecified protocol. ...