Description

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

Remediation

References

CVE-2014-9041

Related Vulnerabilities

WordPress Plugin Structured Content (JSON-LD) #wpsc Cross-Site Scripting (1.5)

WordPress Plugin Thank You Counter Button Multiple Cross-Site Scripting Vulnerabilities (1.8.7)

Apache Tomcat Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4444)

Oracle Database Server CVE-2014-6560 Vulnerability (CVE-2014-6560)

Opencart Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3990)

Severity

Medium

Classification

CVE-2014-9041 CWE-352

Tags

Missing Update Known Vulnerabilities