Description

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.

Remediation

References

CVE-2014-9042

Related Vulnerabilities

Apache 2.x version older than 2.0.49

WordPress Plugin WassUp Real Time Analytics Cross-Site Scripting (1.8.3)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0307)

Oracle HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5000)

Java Unspesificed Vulnerability (CVE-2019-2821)

Severity

Low

Classification

CVE-2014-9042 CWE-707

Tags

Missing Update Known Vulnerabilities