CVE-2013-2149Cross-site Scripting in Owncloud

CWE-79Cross-site Scripting6 documents4 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 59.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud< 4.0.16
NVDowncloud/owncloud_server5.0.05.0.7

Patches

Patch: owncloud.orgPatch: owncloud.org

🔴Vulnerability Details

2
GHSA
GHSA-6pw3-c62c-m9jg: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42022-05-14
CVEList
CVE-2013-2149: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 42014-03-14

💬Community

3
Bugzilla
CVE-2013-2149 owncloud: Cross-site scripting in owncloud jQuery dialogs due improper escaping of filenames in filepicker module (oC-SA-2013-028)2013-06-07
Bugzilla
CVE-2013-2149 CVE-2013-2150 owncloud various flaws [fedora-18]2013-06-07
Bugzilla
CVE-2013-2149 CVE-2013-2150 owncloud various flaws [epel-6]2013-06-07
CVE-2013-2149 — Cross-site Scripting in Owncloud | cvebase