CVE-2012-2397Cross-Site Request Forgery in Owncloud

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 57.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedApr 20
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDowncloud/owncloud_server3.0.0, 3.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-gg9w-26m5-gwq9: Cross-site request forgery (CSRF) vulnerability in ownCloud before 32022-05-17
CVEList
CVE-2012-2397: Cross-site request forgery (CSRF) vulnerability in ownCloud before 32012-04-20
CVE-2012-2397 — Cross-Site Request Forgery in Owncloud | cvebase