Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.

Remediation

References

CVE-2014-3833

Related Vulnerabilities

Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)

Oracle JRE CVE-2013-2470 Vulnerability (CVE-2013-2470)

Joomla CVE-2021-26031 Vulnerability (CVE-2021-26031)

ownCloud Improper Access Control Vulnerability (CVE-2016-9461)

MySQL CVE-2014-2434 Vulnerability (CVE-2014-2434)

Severity

Medium

Classification

CVE-2014-3833 CWE-707

Tags

Missing Update Known Vulnerabilities