cvebase

Owncloud Server vulnerabilities

108 known vulnerabilities affecting owncloud/owncloud_server.

Total CVEs: 108
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 79, LOW 13

Vulnerabilities

Page 5 of 6
CVE-2013-0201 | P4 | MEDIUM | CVSS 4.3 | v4.0.0, v4.0.1, +9 more | 2014-03-18
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
nvd
CVE-2012-4397 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +2 more | 2012-09-05
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
nvd
CVE-2012-4390 | P4 | MEDIUM | CVSS 4.0 | v3.0.0, v3.0.1, +8 more | 2012-09-05
CWE-200: (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
nvd
CVE-2014-3838 | P4 | MEDIUM | CVSS 4.0 | v5.0.0, v5.0.1, +16 more | 2014-06-04
CWE-264: ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.
nvd
CVE-2012-5666 | P4 | MEDIUM | CVSS 4.3 | v4.0.0, v4.0.1, +13 more | 2013-01-03
CWE-79: Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.
nvd
CVE-2012-5606 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +11 more | 2012-12-18
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js.
nvd
CVE-2012-4394 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +6 more | 2012-09-05
CWE-79: Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
nvd
CVE-2012-4395 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +3 more | 2012-09-05
CWE-79: Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
nvd
CVE-2012-2398 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1 | 2012-04-20
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
nvd
CVE-2014-3832 | P4 | MEDIUM | CVSS 4.3 | v6.0.0, v6.0.1, +1 more | 2014-06-04
CWE-79: Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
nvd
CVE-2014-9049 | P4 | MEDIUM | CVSS 4.0 | v6.0.0, v6.0.1, +7 more | 2015-02-04
CWE-200: The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.
nvd
CVE-2014-3837 | P4 | MEDIUM | CVSS 4.0 | v6.0.0, v6.0.1 | 2014-06-04
CWE-264: The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors.
nvd
CVE-2012-5056 | P4 | MEDIUM | CVSS 4.3 | v4.0.0, v4.0.1, +5 more | 2014-06-04
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
nvd
CVE-2014-3833 | P4 | MEDIUM | CVSS 4.3 | v5.0.0, v5.0.1, +16 more | 2014-06-04
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
nvd
CVE-2014-2057 | P4 | MEDIUM | CVSS 4.3 | v3.0.0, v3.0.1, +49 more | 2014-03-24
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-0298 | P4 | MEDIUM | CVSS 4.3 | v4.5.0, v4.5.1, +5 more | 2014-03-14
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
nvd
CVE-2013-2040 | P4 | LOW | CVSS 3.5 | v4.0.0, v4.0.1, +28 more | 2014-03-14
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-2149 | P4 | LOW | CVSS 3.5 | ≥ 5.0.0, < 5.0.7 | 2014-03-14
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
nvd
CVE-2013-2150 | P4 | LOW | CVSS 3.5 | v5.0.0, v5.0.1, +37 more | 2014-03-14
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.
nvd
CVE-2014-9042 | P4 | LOW | CVSS 3.5 | v5.0.0, v5.0.1, +24 more | 2015-02-04
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
nvd