Description

Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.

Remediation

References

CVE-2012-2398

Related Vulnerabilities

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2003-1599)

Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11619)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-8450)

Severity

Medium

Classification

CVE-2012-2398 CWE-707

Tags

Missing Update Known Vulnerabilities