Description

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

Remediation

References

CVE-2013-0301

Related Vulnerabilities

WordPress Plugin Verse-O-Matic Cross-Site Request Forgery (4.1.1)

WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2)

Oracle JRE CVE-2013-5797 Vulnerability (CVE-2013-5797)

MySQL CVE-2018-2813 Vulnerability (CVE-2018-2813)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Insecure Direct Object Reference (3.0.4)

Severity

Medium

Classification

CVE-2013-0301 CWE-352

Tags

Missing Update Known Vulnerabilities