CVE-2012-5608
owncloud_server 4.5.x - Cross-Site Scripting via POST Parameters in User WebDAV Auth Settings
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51357
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/30/3
Various Sources x_refsource_confirm
http://owncloud.org/changelog/
Vendor Advisory x_refsource_confirm
http://owncloud.org/security/advisories/oc-sa-2012-003/
Patch x_refsource_confirm
https://github.com/owncloud/core/commit/054c168
Scores
EPSS
0.0029
EPSS Percentile
52.9%
Details
CWE
CWE-79
Status
published
Products (2)
owncloud/owncloud_server
4.5.0
owncloud/owncloud_server
4.5.1
Published
Dec 18, 2012
Tracked Since
Feb 18, 2026