Description

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

Remediation

References

CVE-2013-2150

Related Vulnerabilities

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)

EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3426)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.5.8)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5293)

Severity

Low

Classification

CVE-2013-2150 CWE-707

Tags

Missing Update Known Vulnerabilities