Description

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.

Remediation

References

CVE-2015-5953

Related Vulnerabilities

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)

WordPress Plugin Social Media Share Buttons & Social Sharing Icons Cross-Site Scripting (1.1.1.11)

WordPress Plugin WebP Express Cross-Site Scripting (0.14.4)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.30)

WordPress Plugin PublishPress Capabilities-User Role Access, Editor Permissions, Admin Menus Security Bypass (2.3)

Severity

Low

Classification

CVE-2015-5953 CWE-707

Tags

Missing Update Known Vulnerabilities