Description

Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Remediation

References

CVE-2012-4394

Related Vulnerabilities

Oracle Database Server CVE-2019-2799 Vulnerability (CVE-2019-2799)

Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)

qdPM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-26165)

WordPress Plugin WP smart CRM & Invoices FREE Cross-Site Scripting (1.8.7)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Multiple Cross-Site Request Forgery Vulnerabilities (2.5.6)

Severity

Medium

Classification

CVE-2012-4394 CWE-707

Tags

Missing Update Known Vulnerabilities