ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5666)

Description

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

Remediation

References

CVE-2012-5666

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2484)

WordPress Plugin Wordpress Uninstall Cross-Site Request Forgery (1.2.1)

WordPress Plugin NextScripts:Social Networks Auto-Poster Unspecified Vulnerability (4.3.2)

WordPress Plugin Events Manager Cross-Site Request Forgery (5.9.8.1)

OpenSSL Possible denial of service attack Vulnerability (CVE-2020-1971)

Severity

Medium

Classification

CVE-2012-5666 CWE-707