CVE-2013-2150Cross-site Scripting in Owncloud

CWE-79Cross-site Scripting6 documents4 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 59.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedMar 14
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

NVDowncloud/owncloud4.5.11
NVDowncloud/owncloud_server39 versions+38

Patches

Patch: owncloud.orgPatch: owncloud.org

🔴Vulnerability Details

2
GHSA
GHSA-r7gm-v66r-96q4: Multiple cross-site scripting (XSS) vulnerabilities in js/viewer2022-05-17
CVEList
CVE-2013-2150: Multiple cross-site scripting (XSS) vulnerabilities in js/viewer2014-03-14

💬Community

3
Bugzilla
CVE-2013-2150 owncloud: Cross-site scripting due improper sanitization of the file name in the videoViewer JavaScript module (oC-SA-2013-028)2013-06-07
Bugzilla
CVE-2013-2149 CVE-2013-2150 owncloud various flaws [fedora-18]2013-06-07
Bugzilla
CVE-2013-2149 CVE-2013-2150 owncloud various flaws [epel-6]2013-06-07
CVE-2013-2150 — Cross-site Scripting in Owncloud | cvebase