This host is running ownCloud and is prone to cross-site scripting and file upload vulnerabilities.

Successful exploitation will allow remote attacker to execute arbitrary HTML or script code or discloses sensitive information resulting in loss of confidentiality.

Upgrade to ownCloud 4.5.2 or later, For updates refer to http://owncloud.org

Multiple flaws are due to, - An input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. - Certain unspecified input passed to apps/user_webdavauth/settings.php is not properly sanitised before being returned to the user. - An error due to the lib/migrate.php and lib/filesystem.php scripts are not properly verifying uploaded files.

ownCloud versions before 4.0.9 and 4.5.0, 4.5.x before 4.5.2

Send a crafted data via HTTP request and check whether it is able to read cookie or not.

• http://owncloud.org/changelog
• http://secunia.com/advisories/51357
• http://www.openwall.com/lists/oss-security/2012/11/30/3
• https://github.com/owncloud/core/commit/ce66759
• https://github.com/owncloud/core/commit/e5f2d46
• https://github.com/owncloud/core/commit/e45f36c

---

Updated on 2015-03-25