Description
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2087 Vulnerability (CVE-2021-2087)
WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)
WordPress Plugin Unyson Information Disclosure (2.7.18)
Oracle Application Server CVE-2006-0289 Vulnerability (CVE-2006-0289)
WordPress Plugin Widgets for SiteOrigin Unspecified Vulnerability (1.4.4)