Description
ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.
Remediation
References
Related Vulnerabilities
PHP Resource Management Errors Vulnerability (CVE-2010-1861)
WordPress Plugin Nextend Facebook Connect Cross-Site Scripting (1.5.0)
WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)
Drupal Other Vulnerability (CVE-2022-25275)
WordPress Plugin WC Duplicate Order Unspecified Vulnerability (1.3)