Description
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5020)
Grafana Improper Authentication Vulnerability (CVE-2022-39229)
WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)
Oracle Application Server CVE-2009-0974 Vulnerability (CVE-2009-0974)
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51488)