Owncloud Server Security Vulnerabilities and Issues — Owncloud Server CVE List

Lucene search

OwncloudOwncloud Server

11 matches found

CVE•added 2015/10/21 3:59 p.m.•67 views

CVE-2015-5953

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.

3.5CVSS5.1AI score0.00185EPSS

CVE•added 2014/03/14 4:55 p.m.•57 views

CVE-2013-2149

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.

3.5CVSS5.1AI score0.00185EPSS

CVE•added 2014/03/14 4:55 p.m.•51 views

CVE-2013-2042

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark...

3.5CVSS5.3AI score0.00185EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2040

3.5CVSS5.2AI score0.00185EPSS

CVE•added 2014/03/14 4:55 p.m.•45 views

CVE-2013-2150

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

3.5CVSS5.6AI score0.00185EPSS

CVE•added 2016/01/08 9:59 p.m.•45 views

CVE-2016-1500

ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belongin...

3.5CVSS5.2AI score0.00293EPSS

CVE•added 2014/03/14 4:55 p.m.•43 views

CVE-2013-2041

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/fi...

3.5CVSS5.4AI score0.00185EPSS

CVE•added 2014/03/14 3:55 p.m.•41 views

CVE-2013-0307

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

3.5CVSS5.8AI score0.00284EPSS

CVE•added 2014/03/14 4:55 p.m.•41 views

CVE-2013-1851

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors.

3.5CVSS6.4AI score0.00171EPSS

CVE•added 2015/02/04 6:59 p.m.•41 views

CVE-2014-9042

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this c...

3.5CVSS5.2AI score0.00185EPSS

CVE•added 2014/03/14 3:55 p.m.•40 views

CVE-2013-0297

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

3.5CVSS5.4AI score0.00185EPSS