Description
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-11327)
Django Relative Path Traversal Vulnerability (CVE-2025-59682)
MySQL CVE-2017-3650 Vulnerability (CVE-2017-3650)
XWikiplatform Incorrect Authorization Vulnerability (CVE-2024-55662)
WordPress Plugin Snazzy Maps Cross-Site Request Forgery (1.1.5)