Description

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Remediation

References

CVE-2013-1967

Related Vulnerabilities

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4696)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602)

Java Code Execution Vulnerability (CVE-2019-2745)

Envoy Proxy Other Vulnerability (CVE-2020-25017)

Oracle Database Server CVE-2015-4888 Vulnerability (CVE-2015-4888)

Severity

Medium

Classification

CVE-2013-1967 CWE-707

Tags

Missing Update Known Vulnerabilities