Owncloud
CVE-2012-5606
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js.
AnalysisAI
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js. Affected products include: Owncloud, Owncloud Owncloud Server. Version information: before 4.0.9.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote aut
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redire
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authenti
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sen
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitr
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentiall
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery applica
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf)
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissio
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today