Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1665 — Cross-site Scripting in Owncloud

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 43.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Owncloud

Timeline

PublishedMar 20

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDowncloud/owncloud< 6.0.1

▶Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1.2

🔴Vulnerability Details

GHSA

GHSA-994c-3jcg-fx29: Cross-site scripting (XSS) vulnerability in ownCloud before 6↗2022-05-14

▶

CVEList

CVE-2014-1665: Cross-site scripting (XSS) vulnerability in ownCloud before 6↗2018-03-20

▶

OSV

CVE-2014-1665: Cross-site scripting (XSS) vulnerability in ownCloud before 6↗2018-03-20

▶

💥Exploits & PoCs

Exploit-DB

ownCloud 6.0.0a - Multiple Vulnerabilities↗2014-02-05

▶