Description
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.
Remediation
References
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3065)
OpenSSL Excessive Iteration Vulnerability (CVE-2023-3817)
MySQL CVE-2015-2582 Vulnerability (CVE-2015-2582)
WordPress Plugin CM Ad Changer Multiple Cross-Site Scripting Vulnerabilities (1.7.2)
SharePoint Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-1261)