WEB APPLICATION VULNERABILITIES Standard & Premium

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0297)

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

Remediation

References

Related Vulnerabilities

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)

WordPress Plugin NewStatPress Cross-Site Scripting (1.0.3)

Drupal Core 7.x SQL Injection (7.0 - 7.31)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions SQL Injection (2.2.7)

Severity

Low

Classification

CVE-2013-0297 CWE-707

Tags

Missing Update Known Vulnerabilities