CVE-2012-5666

ownCloud <4.0.10, <4.5.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/57030

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/12/22/5

Various Sources x_refsource_confirm

http://owncloud.org/changelog/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51614

Patch x_refsource_confirm

https://github.com/owncloud/apps/commit/eafa9b2

View Patch ZIP pw:eip

Patch x_refsource_confirm

https://github.com/owncloud/core/commit/b24c929cc0

View Patch ZIP pw:eip

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/12/22/2

Scores

EPSS 0.0041

EPSS Percentile 61.1%

Details

CWE

CWE-79

Status published

Products (15)

owncloud/owncloud_server 4.0.0

owncloud/owncloud_server 4.0.1

owncloud/owncloud_server 4.0.2

owncloud/owncloud_server 4.0.3

owncloud/owncloud_server 4.0.4

owncloud/owncloud_server 4.0.5

owncloud/owncloud_server 4.0.6

owncloud/owncloud_server 4.0.7

owncloud/owncloud_server 4.0.8

owncloud/owncloud_server 4.0.9

... and 5 more

Published Jan 03, 2013

Tracked Since Feb 18, 2026