This host is installed with ownCloud and is prone to multiple cross-site scripting and cross-site request forgery vulnerabilities.

Successful exploitation will allow remote attackers to conduct request forgery attacks and execute arbitrary script code in a user's browser. Impact Level: Application

Upgrade to ownCloud version 4.5.7 or later, For updates refer to http://owncloud.org

Multiple flaws are due to, - Improper validation of user-supplied input passed via 'mountpoint' parameter upon submission to the /apps/files_external/addMountPoint.php script, 'dir' and 'file' parameters upon submission to the /apps/files_pdfviewer/viewer.php script and 'iCalendar' file in the calendar application. - Insufficient validation of user-supplied input passed via the the 'v' POST parameter to changeview.php within /apps/calendar/ajax, multiple unspecified parameters to addRootCertificate.php, dropbox.php and google.php scripts within /apps/files_external/ajax and multiple unspecified POST parameters to settings.php script within /apps/user_webdavauth.

ownCloud Server before version 4.5.x before 4.5.7

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://owncloud.org/about/security/advisories/oC-SA-2013-003
• http://owncloud.org/about/security/advisories/oC-SA-2013-004
• http://seclists.org/oss-sec/2013/q1/378
• http://www.osvdb.com/90495

---

Updated on 2017-03-28