EUVD-2014-9523

Malware in sbrugna...

EUVD-2015-3093

Malware in sbrugna...

CVE-2023-6852 kalcaddle KodExplorer app.php server-side request forgery

A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to...

PT-2023-32793 · Kalcaddle · Kodexplorer

Name of the Vulnerable Software and Affected Versions: kalcaddle KodExplorer versions up to 4.51.03 Description: A critical vulnerability has been found in kalcaddle KodExplorer, affecting an unknown function of the file plugins/webodf/app.php. This issue leads to server-side request forgery and...

Multiple Cross-Site Scripting Vulnerabilities in WebODF

WebODF is an online viewing editor. WebODF fails to properly filter style or font name or javascript or data URI parameters, which can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack sessions or...

WebODF Cross-Site Scripting Vulnerability

WebODF is an online viewing editor. WebODF suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive cookies, hijack sessions or perform malicious operations on t...

CVE-2015-3012

Multiple cross-site scripting XSS vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a 1 style or 2 font name or 3 javascript or 4 data URI...

Cross site scripting

Cross-site scripting XSS vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name...

CVE-2014-9716

Cross-site scripting XSS vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name...

CVE-2015-3012

Multiple cross-site scripting XSS vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a 1 style or 2 font name or 3 javascript or 4 data URI...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a 1 style or 2 font name or 3 javascript or 4 data URI...

CVE-2014-9716

CVE-2014-9716 affects WebODF prior to 0.5.4, enabling a cross-site scripting (XSS) flaw via a file name. Remote attackers can inject arbitrary script/HTML and potentially compromise the victim’s browser session. The connected sources reiterate the same vulnerability description but do not provide...

CVE-2015-3012

Multiple cross-site scripting XSS vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a 1 style or 2 font name or 3 javascript or 4 data URI...

CVE-2015-3012

WebODF (used by ownCloud) is affected by CVE-2015-3012: multiple XSS vulnerabilities allow remote attackers to inject arbitrary script or HTML via (1) style, (2) font name, (3) javascript, or (4) data URI parameters. Affected version: WebODF before 0.5.5. Root cause is insufficient filtering of t...

CVE-2014-9716

Cross-site scripting XSS vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name...

Multiple stored XSS in "documents" application - ownCloud

Due to not sanitising all user provided input, the "documents" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "documents" application is enabled by default in the ownCloud Community Edition but not shipped with the...

Server: Multiple stored XSS in "documents" application

Due to not sanitising all user provided input, the "documents" application shipped with the mentioned ownCloud versions is vulnerable to multiple stored cross-site scripting attacks. The "documents" application is enabled by default in the ownCloud Community Edition but not shipped with the...

CVE-2012-5056

Multiple cross-site scripting XSS vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 readyCallback parameter to apps/filesodfviewer/src/webodf/webodf/flashput/PUT.swf, the 2 root parameter to apps/gallery/templates/index.php, or...