Medium Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5608)	CVE-2012-5608 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5666)	CVE-2012-5666 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0201)	CVE-2013-0201 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0202)	CVE-2013-0202 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0203)	CVE-2013-0203 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0298)	CVE-2013-0298 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1890)	CVE-2013-1890 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1942)	CVE-2013-1942 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1967)	CVE-2013-1967 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1665)	CVE-2014-1665 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2057)	CVE-2014-2057 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3832)	CVE-2014-3832 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3833)	CVE-2014-3833 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1498)	CVE-2016-1498 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7419)	CVE-2016-7419 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9459)	CVE-2016-9459 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9465)	CVE-2016-9465 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9466)	CVE-2016-9466 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)	CVE-2017-8896 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9338)	CVE-2017-9338 CWE-707	CWE-707	Medium
ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3013)	CVE-2015-3013 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893)	CVE-2013-1893 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2045)	CVE-2013-2045 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2046)	CVE-2013-2046 CWE-138	CWE-138	Medium
ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-23948)	CVE-2023-23948 CWE-138	CWE-138	Medium
ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)	CVE-2020-36251 CWE-269	CWE-269	Medium
ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)	CVE-2021-29659 CWE-863	CWE-863	Medium
ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)	CVE-2021-35949 CWE-863	CWE-863	Medium
ownCloud Other Vulnerability (CVE-2012-4389)	CVE-2012-4389		Medium
ownCloud Other Vulnerability (CVE-2012-5057)	CVE-2012-5057		Medium
ownCloud Other Vulnerability (CVE-2012-5609)	CVE-2012-5609		Medium
ownCloud Other Vulnerability (CVE-2013-2089)	CVE-2013-2089		Medium
ownCloud Other Vulnerability (CVE-2015-5954)	CVE-2015-5954		Medium
ownCloud Other Vulnerability (CVE-2015-6670)	CVE-2015-6670		Medium
ownCloud Other Vulnerability (CVE-2022-25338)	CVE-2022-25338		Medium
ownCloud Other Vulnerability (CVE-2022-25339)	CVE-2022-25339		Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4752)	CVE-2012-4752 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)	CVE-2012-5665 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)	CVE-2013-0304 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)	CVE-2013-1963 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)	CVE-2013-2043 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)	CVE-2013-2048 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)	CVE-2013-6403 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2049)	CVE-2014-2049 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)	CVE-2014-3835 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)	CVE-2014-3837 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)	CVE-2014-3838 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)	CVE-2014-3963 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)	CVE-2014-9048 CWE-264	CWE-264	Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)	CVE-2016-5876 CWE-264	CWE-264	Medium
ownCloud Session Fixation Vulnerability (CVE-2021-35948)	CVE-2021-35948 CWE-384	CWE-384	Medium
ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)	CVE-2017-5867 CWE-400	CWE-400	Medium
PAN-OS GlobalProtect XSS (CVE-2025-0133)	CVE-2025-0133 CWE-79	CWE-79	Medium
Password found in server response	CWE-312	CWE-312	Medium
Password transmitted over HTTP	CWE-523	CWE-523	Medium
Path Traversal in Next.js up to 9.3.1	CVE-2020-5284 CWE-22	CWE-22	Medium
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1534)	CVE-2025-1534 CWE-707	CWE-707	Medium
Payara Micro File Read (CVE-2021-41381)	CVE-2021-41381 CWE-22	CWE-22	Medium
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)	CVE-2023-41699 CWE-601	CWE-601	Medium
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)	CVE-2024-7312 CWE-601	CWE-601	Medium
Pega Infinity Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-9559)	CVE-2025-9559 CWE-639	CWE-639	Medium
Pega Infinity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-35656)	CVE-2022-35656 CWE-352	CWE-352	Medium
Pega Infinity CVE-2021-27653 Vulnerability (CVE-2021-27653)	CVE-2021-27653		Medium
Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16386)	CVE-2019-16386 CWE-425	CWE-425	Medium
Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16388)	CVE-2019-16388 CWE-425	CWE-425	Medium
Pega Infinity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11356)	CVE-2017-11356 CWE-200	CWE-200	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-11355)	CVE-2017-11355 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17478)	CVE-2017-17478 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23957)	CVE-2020-23957 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24353)	CVE-2020-24353 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35654)	CVE-2022-35654 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35655)	CVE-2022-35655 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-4843)	CVE-2023-4843 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-26465)	CVE-2023-26465 CWE-707	CWE-707	Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-50167)	CVE-2023-50167 CWE-707	CWE-707	Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5608)

CVE-2012-5608

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5666)

CVE-2012-5666

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0201)

CVE-2013-0201

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0202)

CVE-2013-0202

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0203)

CVE-2013-0203

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0298)

CVE-2013-0298

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1890)

CVE-2013-1890

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1942)

CVE-2013-1942

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1967)

CVE-2013-1967

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1665)

CVE-2014-1665

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2057)

CVE-2014-2057

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3832)

CVE-2014-3832

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3833)

CVE-2014-3833

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1498)

CVE-2016-1498

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7419)

CVE-2016-7419

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9459)

CVE-2016-9459

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9465)

CVE-2016-9465

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9466)

CVE-2016-9466

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)

CVE-2017-8896

CWE-707

Medium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9338)

CVE-2017-9338

CWE-707

Medium

ownCloud Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2015-3013)

CVE-2015-3013

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893)

CVE-2013-1893

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2045)

CVE-2013-2045

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2046)

CVE-2013-2046

CWE-138

Medium

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-23948)

CVE-2023-23948

CWE-138

Medium

ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)

CVE-2020-36251

CWE-269

Medium

ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)

CVE-2021-29659

CWE-863

Medium

ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)

CVE-2021-35949

CWE-863

Medium

ownCloud Other Vulnerability (CVE-2012-4389)

CVE-2012-4389

Medium

ownCloud Other Vulnerability (CVE-2012-5057)

CVE-2012-5057

Medium

ownCloud Other Vulnerability (CVE-2012-5609)

CVE-2012-5609

Medium

ownCloud Other Vulnerability (CVE-2013-2089)

CVE-2013-2089

Medium

ownCloud Other Vulnerability (CVE-2015-5954)

CVE-2015-5954

Medium

ownCloud Other Vulnerability (CVE-2015-6670)

CVE-2015-6670

Medium

ownCloud Other Vulnerability (CVE-2022-25338)

CVE-2022-25338

Medium

ownCloud Other Vulnerability (CVE-2022-25339)

CVE-2022-25339

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4752)

CVE-2012-4752

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)

CVE-2012-5665

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)

CVE-2013-0304

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)

CVE-2013-1963

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)

CVE-2013-2043

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)

CVE-2013-2048

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)

CVE-2013-6403

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2049)

CVE-2014-2049

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)

CVE-2014-3835

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)

CVE-2014-3837

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)

CVE-2014-3838

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)

CVE-2014-3963

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)

CVE-2014-9048

CWE-264

Medium

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)

CVE-2016-5876

CWE-264

Medium

ownCloud Session Fixation Vulnerability (CVE-2021-35948)

CVE-2021-35948

CWE-384

Medium

ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)

CVE-2017-5867

CWE-400

Medium

PAN-OS GlobalProtect XSS (CVE-2025-0133)

CVE-2025-0133

CWE-79

Medium

Password found in server response

CWE-312

Medium

Password transmitted over HTTP

CWE-523

Medium

Path Traversal in Next.js up to 9.3.1

CVE-2020-5284

CWE-22

Medium

Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1534)

CVE-2025-1534

CWE-707

Medium

Payara Micro File Read (CVE-2021-41381)

CVE-2021-41381

CWE-22

Medium

Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)

CVE-2023-41699

CWE-601

Medium

Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)

CVE-2024-7312

CWE-601

Medium

Pega Infinity Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-9559)

CVE-2025-9559

CWE-639

Medium

Pega Infinity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-35656)

CVE-2022-35656

CWE-352

Medium

Pega Infinity CVE-2021-27653 Vulnerability (CVE-2021-27653)

CVE-2021-27653

Medium

Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16386)

CVE-2019-16386

CWE-425

Medium

Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16388)

CVE-2019-16388

CWE-425

Medium

Pega Infinity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11356)

CVE-2017-11356

CWE-200

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-11355)

CVE-2017-11355

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17478)

CVE-2017-17478

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23957)

CVE-2020-23957

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24353)

CVE-2020-24353

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35654)

CVE-2022-35654

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35655)

CVE-2022-35655

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-4843)

CVE-2023-4843

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-26465)

CVE-2023-26465

CWE-707

Medium

Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-50167)

CVE-2023-50167

CWE-707

Medium

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities