CVE-2013-1822Cross-site Scripting in Server

CWE-79Cross-site Scripting3 documents3 sources
Severity
2.1LOWNVD
EPSS
0.2%
top 59.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud Server
Timeline
PublishedMar 14
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDowncloud/owncloud_server8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-w52p-wjwj-p65g: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 42022-05-17
CVEList
CVE-2013-1822: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 42014-03-14
CVE-2013-1822 — Cross-site Scripting in Owncloud Server | cvebase