Owncloud Server Security Vulnerabilities and Issues — Owncloud Server CVE List

Lucene search

OwncloudOwncloud Server

4 matches found

CVE•added 2013/08/15 5:55 p.m.•60 views

CVE-2013-1942

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id pa...

4.3CVSS5.6AI score0.09229EPSS

CVE•added 2013/01/03 1:55 a.m.•51 views

CVE-2012-5665

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

4.3CVSS6.9AI score0.00431EPSS

CVE•added 2013/01/03 1:55 a.m.•45 views

CVE-2012-5666

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

4.3CVSS5.9AI score0.00407EPSS

CVE•added 2013/12/24 6:55 p.m.•44 views

CVE-2013-6403

The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.

6.8CVSS6.5AI score0.00349EPSS