Description

The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method.

Remediation

References

CVE-2014-9049

Related Vulnerabilities

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1855)

WordPress Plugin SecuPress Pro Security Bypass (1.4.12)

Oracle JRE CVE-2020-2767 Vulnerability (CVE-2020-2767)

WordPress Plugin GD Star Rating 'tpl_section' Parameter Cross-Site Scripting (1.9.16)

WordPress Plugin Mail Queue Cross-Site Scripting (1.1)

Severity

Medium

Classification

CVE-2014-9049 CWE-200

Tags

Missing Update Known Vulnerabilities