Owncloud Server vulnerabilities
108 known vulnerabilities affecting owncloud/owncloud_server.
Total CVEs: 108
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 79, LOW 13
Vulnerabilities
Page 5 of 6
CVE-2013-0201 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v4.0.0, v4.0.1 +9 more | 2014-03-18
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
nvd
CVE-2012-4397 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.0.0, v3.0.1 +2 more | 2012-09-05
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
nvd
CVE-2012-4390 | P4 | MEDIUM | CVSS 4.0 | CWE-200 | v3.0.0, v3.0.1 +8 more | 2012-09-05
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
nvd
CVE-2014-3838 | P4 | MEDIUM | CVSS 4.0 | CWE-264 | v5.0.0, v5.0.1 +16 more | 2014-06-04
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
nvd
CVE-2012-5666 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v4.0.0, v4.0.1 +13 more | 2013-01-03
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
nvd
CVE-2012-5606 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.0.0, v3.0.1 +11 more | 2012-12-18
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js.
nvd
CVE-2012-4394 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.0.0, v3.0.1 +6 more | 2012-09-05
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
nvd
CVE-2012-4395 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.0.0, v3.0.1 +3 more | 2012-09-05
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
nvd
CVE-2012-2398 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1 | 2012-04-20
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
nvd
CVE-2014-3832 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v6.0.0, v6.0.1 +1 more | 2014-06-04
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
nvd
CVE-2014-9049 | P4 | MEDIUM | CVSS 4.0 | CWE-200 | v6.0.0, v6.0.1 +7 more | 2015-02-04
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
nvd
CVE-2014-3837 | P4 | MEDIUM | CVSS 4.0 | CWE-264 | v6.0.0, v6.0.1 | 2014-06-04
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
nvd
CVE-2012-5056 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v4.0.0, v4.0.1 +5 more | 2014-06-04
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
nvd
CVE-2014-3833 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v5.0.0, v5.0.1 +16 more | 2014-06-04
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
nvd
CVE-2014-2057 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v3.0.0, v3.0.1 +49 more | 2014-03-24
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-0298 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v4.5.0, v4.5.1 +5 more | 2014-03-14
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
nvd
CVE-2013-2040 | P4 | LOW | CVSS 3.5 | CWE-79 | v4.0.0, v4.0.1 +28 more | 2014-03-14
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-2149 | P4 | LOW | CVSS 3.5 | CWE-79 | ≥ 5.0.0, < 5.0.7 | 2014-03-14
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
nvd
CVE-2013-2150 | P4 | LOW | CVSS 3.5 | CWE-79 | v5.0.0, v5.0.1 +37 more | 2014-03-14
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.
nvd
CVE-2014-9042 | P4 | LOW | CVSS 3.5 | v5.0.0, v5.0.1 +24 more | 2015-02-04
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
nvd