CVE-2013-0297

Owncloud Server < 4.0.11 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

References (1)

Scores

EPSS 0.0019
EPSS Percentile 40.0%

Details

CWE
CWE-79
Status published
Products (24)
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud < 4.0.11
owncloud/owncloud_server
owncloud/owncloud_server
... and 14 more
Published Mar 14, 2014
Tracked Since Feb 18, 2026