CVE-2013-0297Cross-site Scripting in Owncloud

CWE-79Cross-site Scripting3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 59.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 5

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud4.0.11
NVDowncloud/owncloud_server22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-mpw5-cpxr-wm7h: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42022-05-05
CVEList
CVE-2013-0297: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42014-03-14
CVE-2013-0297 — Cross-site Scripting in Owncloud | cvebase