Description

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.

Remediation

References

CVE-2014-9042

Related Vulnerabilities

WordPress Plugin hashtagger Unspecified Vulnerability (6)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1029)

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2924)

WordPress Plugin Catch Themes Demo Import Arbitrary File Upload (1.7)

WordPress Plugin Shopping Cart & eCommerce Store Unspecified Vulnerability (3.1.9)

Severity

Low

Classification

CVE-2014-9042 CWE-707

Tags

Missing Update Known Vulnerabilities