Description

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

Remediation

References

CVE-2013-0301

Related Vulnerabilities

Dolibarr Improper Privilege Management Vulnerability (CVE-2020-14201)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7579)

WordPress Plugin Real WYSIWYG 'insert_file.php' Arbitrary File Upload (0.0.2)

Moodle 7PK - Security Features Vulnerability (CVE-2015-5331)

WordPress Plugin WooCommerce Product Feed Manager Security Bypass (2.2.3)

Severity

Medium

Classification

CVE-2013-0301 CWE-352

Tags

Missing Update Known Vulnerabilities