Owncloud
Monthly
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.8%.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 15.8%.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.