This host is installed with ownCloud and is prone to multiple XSS vulnerabilities.

Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Impact Level: Application

Upgrade to ownCloud version 4.5.6 or 4.0.11 or later, For updates refer to http://owncloud.org

Multiple flaws exist due to, - Unspecified input passed to core/lostpassword/templates/resetpassword.php is not properly sanitized before being used. - Input passed via the 'mime' parameter to apps/files/ajax/mimeicon.php is not properly sanitized before being used. - Input passed via the 'token' parameter to apps/gallery/sharing.php is not properly sanitized before being used. - Input passed via the 'action' parameter to core/ajax/sharing.php is not properly sanitized before being used. - Unspecified input passed to apps/calendar/ajax/event/new.php is not properly sanitized before being used. - Input passed via the 'url' parameter to apps/bookmarks/ajax/addBookmark.php is not properly sanitized before being used.

ownCloud Server version 4.5.x before 4.5.6 and 4.0.x before 4.0.11

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://owncloud.org/about/security/advisories/oc-sa-2013-001
• http://secunia.com/advisories/51872
• http://www.openwall.com/lists/oss-security/2013/01/22/12
• http://www.osvdb.com/89508
• http://www.osvdb.com/89511

---

Updated on 2017-03-28