Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.

Remediation

References

CVE-2013-2042

Related Vulnerabilities

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5606)

WordPress Plugin uTubeVideo Gallery Cross-Site Scripting (2.0.7)

Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.12)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-10959)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5651)

Severity

Low

Classification

CVE-2013-2042 CWE-707

Tags

Missing Update Known Vulnerabilities