CVE-2012-5056
owncloud < 4.0.8 - Cross-Site Scripting via Multiple Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/CVE-2012-5056/
Scores
EPSS
0.0032
EPSS Percentile
54.9%
Details
CWE
CWE-79
Status
published
Products (8)
owncloud/owncloud
< 4.0.7
owncloud/owncloud_server
4.0.0
owncloud/owncloud_server
4.0.1
owncloud/owncloud_server
4.0.2
owncloud/owncloud_server
4.0.3
owncloud/owncloud_server
4.0.4
owncloud/owncloud_server
4.0.5
owncloud/owncloud_server
4.0.6
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026