Description

ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to apps/calendar/export.php.

Remediation

References

CVE-2015-6670

Related Vulnerabilities

Drupal Other Vulnerability (CVE-2016-3167)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2890)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6379)

WordPress Plugin Cookie Bar Cross-Site Scripting (1.8.8)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37431)

Severity

Medium

Classification

CVE-2015-6670

Tags

Missing Update Known Vulnerabilities