Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9042)

Description

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.

Remediation

References

Related Vulnerabilities

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20901)

Jboss EAP Incorrect Authorization Vulnerability (CVE-2017-12196)

TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12648)

Nginx Integer Overflow or Wraparound Vulnerability (CVE-2017-7529)

WordPress Plugin myEASYbackup 'dwn_file' Parameter Directory Traversal (1.0.8.1)

Severity

Low

Classification

CVE-2014-9042 CWE-707

Tags

Missing Update Known Vulnerabilities