Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.

Remediation

References

CVE-2012-5056

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (2.9.8)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.52)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28978)

WordPress Plugin Discounts Manager for Products Cross-Site Scripting (3.4.4)

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2008-2364)

Severity

Medium

Classification

CVE-2012-5056 CWE-707

Tags

Missing Update Known Vulnerabilities