Skip to main content
CVE-2013-0307 LOW Monitor

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-2291 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Juniper XSS Ivanti Ive Os
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2150 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Owncloud Server Owncloud
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2149 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2042 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2041 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2040 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Owncloud Owncloud Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0297 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Server Owncloud
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-1851 LOW Monitor

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure Owncloud Owncloud Server
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-1822 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1). Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Owncloud Server
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-1274 LOW Monitor

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2047 LOW PATCH Monitor

The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

PHP Privilege Escalation Owncloud Owncloud Server
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1279 LOW Monitor

Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Tvos
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0017 LOW PATCH Monitor

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared. Rated low severity (CVSS 1.9).

Information Disclosure OpenSSL Libssh
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-1281 LOW Monitor

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the. Rated low severity (CVSS 1.9). No vendor patch available.

Apple Privilege Escalation Iphone Os
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy