OwnCloud Multiple Cross Site Scripting Vulnerabilities -01 May14 Network Vulnerability

Summary

This host is installed with ownCloud and is prone to multiple cross-site scripting vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Impact Level: Application

Solution

Upgrade to ownCloud version 4.5.8 or later, For updates refer to http://owncloud.org

Insight

Multiple flaws exists due to insufficient validation of user-supplied input passed via the 'quota' POST parameter to setquota.php within /core/settings/ajax, 'group' parameter passed to the settings.php script and 'shareWith' parameter passed to the core/js/share.js script.

Affected

ownCloud Server 4.5.x before version 4.5.8

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://owncloud.org/about/security/advisories/oC-SA-2013-008
http://seclists.org/oss-sec/2013/q1/652
http://www.osvdb.com/91291
http://www.osvdb.com/91292

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-1822

CVSS	Base Score: 2.1 AV:N/AC:H/Au:S/C:N/I:P/A:N

Related Vulnerabilities

Nagios XI 'users.php' Multiple Cross-Site Scripting Vulnerabilities
Bitweaver Multiple Cross-Site Scripting Vulnerabilities
OTRS installer.pl Password Disclosure Vulnerability
PunBB detection
Oracle 9iAS SOAP configuration file retrieval

ownCloud Multiple Cross Site Scripting Vulnerabilities -01 May14

Take action and discover your vulnerabilities