Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that (1) conduct cross-site scripting (XSS) attacks, (2) modify files, or (3) rename files via unspecified vectors.

Remediation

References

CVE-2014-3836

Related Vulnerabilities

Apache Traffic Server HTTP Request Smuggling Vulnerability (CVE-2020-17509 )

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1498)

WordPress Plugin Post Custom Templates Lite Cross-Site Scripting (1.6)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0093)

WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61)

Severity

Medium

Classification

CVE-2014-3836 CWE-352

Tags

Missing Update Known Vulnerabilities