Description

Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Remediation

References

CVE-2012-4394

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Mailchimp Security Bypass (2.1.3)

WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.21)

WordPress Plugin vSlider Multi Image Slider for WordPress Multiple Vulnerabilities (4.1.2)

PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-39528)

Severity

Medium

Classification

CVE-2012-4394 CWE-707

Tags

Missing Update Known Vulnerabilities