Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.

Remediation

References

CVE-2013-1822

Related Vulnerabilities

Drupal Other Vulnerability (CVE-2007-0658)

Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)

WordPress Plugin Simple File List Cross-Site Scripting (4.4.11)

WordPress Plugin Donation Thermometer Cross-Site Scripting (2.1.2)

WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.5)

Severity

Low

Classification

CVE-2013-1822 CWE-707

Tags

Missing Update Known Vulnerabilities