CVE-2013-0201Cross-site Scripting in Owncloud

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 37.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 18
Latest updateMay 5

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud4.0.10
NVDowncloud/owncloud_server11 versions+10

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-h555-5cgv-rp9r: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 42022-05-05
CVEList
CVE-2013-0201: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 42014-03-18
CVE-2013-0201 — Cross-site Scripting in Owncloud | cvebase