OwnCloud Multiple Security Vulnerabilities Network Vulnerability

Summary

ownCloud is prone to an arbitrary-code execution vulnerability, multiple HTML-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user- supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user and to execute arbitrary code in the context of the web server. Other attacks are also possible. The following versions are vulnerable: ownCloud 4.0.10 and prior ownCloud 4.5.5 and prior

Solution

Vendor updates are available. Please see the references for more information.

References

http://owncloud.org/
http://www.securityfocus.com/bid/57497

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-0201, CVE-2013-0202, CVE-2013-0203, CVE-2013-0204

CVSS	Base Score: 7.5 AV:N/AC:M/Au:S/C:C/I:P/A:P

Related Vulnerabilities

artmedic_links5 File Inclusion Vulnerability
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
4psa Voipnow Local File Inclusion Vulnerability
ATutor password reminder SQL injection
b2Evolution title SQL Injection

ownCloud Multiple Security Vulnerabilities

Take action and discover your vulnerabilities