WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2041)

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.

Remediation

References

Related Vulnerabilities

Drupal Core 9.1.x Directory Traversal (9.1.0 - 9.1.10)

WordPress Plugin Booster for WooCommerce PHP Object Injection (3.0.1)

WordPress Plugin CevherShare 'cevhershare-admin.php' SQL Injection (2.0)

MySQL CVE-2019-2810 Vulnerability (CVE-2019-2810)

WordPress Plugin Easy Digital Downloads-htaccess Editor Cross-Site Scripting (1.0.0)

Severity

Low

Classification

CVE-2013-2041 CWE-707

Tags

Missing Update Known Vulnerabilities