Description
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7-Clockwork SMS Cross-Site Scripting (2.3.0)
MySQL CVE-2016-3495 Vulnerability (CVE-2016-3495)
WordPress Other Vulnerability (CVE-2004-1584)
WordPress Plugin Post Lists View Custom Cross-Site Scripting (1.7.1)
WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Open Redirect (1.85)