CVE-2013-1967
Published 2014-02-05
Priority P4 · 19 · medium · 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.21% (80.4th percentile)
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Affected
86 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mediaelementjs | mediaelement.js | <= 2.11.1 | — |
| mediaelementjs | mediaelement.js | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1967 owncloud: security fixes in 4.5.10 [epel-6]
bugzilla·2013-04-22·CVSS 4.3
CVE-2013-1967 [MEDIUM] CVE-2013-1967 owncloud: security fixes in 4.5.10 [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-6 tracking bug for owncloud: see bloc
Bugzilla
CVE-2013-1967 owncloud: security fixes in 4.5.10 [fedora-18]
bugzilla·2013-04-22·CVSS 4.3
CVE-2013-1967 [MEDIUM] CVE-2013-1967 owncloud: security fixes in 4.5.10 [fedora-18]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-18 tracking bug for owncloud: see blo
Bugzilla
CVE-2013-1963 CVE-2013-1967 owncloud: security fixes in 4.5.10
bugzilla·2013-04-22·CVSS 4.0
CVE-2013-1963 [MEDIUM] CVE-2013-1963 CVE-2013-1967 owncloud: security fixes in 4.5.10
Two flaws were reported as fixed in ownCloud 4.5.10:
* XSS vulnerability in MediaElement.js (oC-SA-2013-017) [1]
* Privilege escalation in the contacts application (oC-SA-2013-018)
The XSS issue ([1]) has been assigned CVE-2013-1967 [3]. The second issue has not yet been assigned a CVE.
[1] http://owncloud.org/about/security/advisories/oC-SA-2013-017/
[2] http://owncloud.org/about/security/advisories/oC-SA-2013-018/
[3] http://seclists.org/oss-sec/2013/q2/111
Discussion:
Created owncloud tracking bugs for this issue
Affects: fedora-18 [bug 955308]
Affects: epel-6 [bug 955309]
---
In fact, issue [2] was assigned CVE-2013-1963 here:
http://seclists.org/oss-sec/2013/q2/133
---
This CVE Bugzilla entry is for community s
http://owncloud.org/about/security/advisories/oC-SA-2013-017
http://seclists.org/oss-sec/2013/q2/111
http://seclists.org/oss-sec/2013/q2/133
http://secunia.com/advisories/53079
https://bugzilla.redhat.com/show_bug.cgi?id=955307
https://exchange.xforce.ibmcloud.com/vulnerabilities/83647
https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd
https://github.com/johndyer/mediaelement/tree/2.11.1
Published 2014-02-05