Description

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

Remediation

References

CVE-2014-9041

Related Vulnerabilities

MongoDb Improper Authentication Vulnerability (CVE-2014-8180)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15695)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-1433)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5267)

WordPress Plugin bizzCam Video Cross-Site Scripting (0.1)

Severity

Medium

Classification

CVE-2014-9041 CWE-352

Tags

Missing Update Known Vulnerabilities