CVE-2013-2042Cross-site Scripting in Owncloud

CWE-79Cross-site Scripting7 documents5 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 59.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1
NVDowncloud/owncloud4.0.14
NVDowncloud/owncloud_server30 versions+29

Patches

Patch: owncloud.orgPatch: owncloud.org

🔴Vulnerability Details

3
GHSA
GHSA-pr4g-h87m-hcmm: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42022-05-17
CVEList
CVE-2013-2042: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42014-03-14
OSV
CVE-2013-2042: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42014-03-14

💬Community

3
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.112013-05-14
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]2013-05-14
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]2013-05-14
CVE-2013-2042 — Cross-site Scripting in Owncloud | cvebase