Summary
This host is installed with ownCloud and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to ownCloud version 4.5.8 or later,
For updates refer to http://owncloud.org
Insight
Multiple flaws exists due to insufficient validation of user-supplied input passed via the 'quota' POST parameter to setquota.php within /core/settings/ajax, 'group' parameter passed to the settings.php script and 'shareWith' parameter passed to the core/js/share.js script.
Affected
ownCloud Server 4.5.x before version 4.5.8
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-1822 -
CVSS Base Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N
Related Vulnerabilities
- MantisBT Cross-site scripting Vulnerability
- phpMyAdmin 'db_create.php' Cross Site Scripting Vulnerability
- PHP display_errors Cross-Site Scripting Vulnerability
- BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities
- DD-WRT '/Info.live.htm' Multiple Information Disclosure Vulnerabilities