cvebase

Owncloud Server vulnerabilities

108 known vulnerabilities affecting owncloud/owncloud_server.

Total CVEs: 108
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 79, LOW 13

Vulnerabilities

Page 6 of 6
CVE-2016-1500 | P4 | LOW | CVSS 3.1 | v8.0.0, v8.0.2 +10 more | 2016-01-08
CVE-2016-1500 [LOW] CWE-200: ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share.
nvd
CVE-2013-2047 | P4 | LOW | CVSS 2.1 | v5.0.0, v5.0.1 +3 more | 2014-03-14
CVE-2013-2047 [LOW] CWE-264: The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
nvd
CVE-2013-2041 | P4 | LOW | CVSS 3.5 | v5.0.0, v5.0.1 +4 more | 2014-03-14
CVE-2013-2041 [LOW] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.
nvd
CVE-2013-2042 | P4 | LOW | CVSS 3.5 | v4.0.0, v4.0.1 +28 more | 2014-03-14
CVE-2013-2042 [LOW] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.
nvd
CVE-2013-0297 | P4 | LOW | CVSS 3.5 | v4.5.0, v4.5.1 +20 more | 2014-03-14
CVE-2013-0297 [LOW] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
nvd
CVE-2013-0307 | P4 | LOW | CVSS 3.5 | v3.0.0, v3.0.1 +20 more | 2014-03-14
CVE-2013-0307 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.
nvd
CVE-2015-5953 | P4 | LOW | CVSS 3.5 | v8.0.0, v8.0.2 +1 more | 2015-10-21
CVE-2015-5953 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
nvd
CVE-2013-1822 | P4 | LOW | CVSS 2.1 | v4.5.0, v4.5.1 +6 more | 2014-03-14
CVE-2013-1822 [LOW] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2
nvd