CVE-2013-0297

owncloud_server < 4.0.12 and 4.5.x < 4.5.7 - Authenticated Cross-Site Scripting via Site Name or URL Parameter

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

References (1)

Core 1
Core References

Scores

EPSS 0.0022
EPSS Percentile 45.0%

Details

CWE
CWE-79
Status published
Products (23)
owncloud/owncloud < 4.0.11
owncloud/owncloud_server 4.5.0
owncloud/owncloud_server 4.5.1
owncloud/owncloud_server 4.5.2
owncloud/owncloud_server 4.5.3
owncloud/owncloud_server 4.5.4
owncloud/owncloud_server 4.5.5
owncloud/owncloud_server 4.5.6
owncloud/owncloud_server 3.0.0
owncloud/owncloud_server 3.0.1
... and 13 more
Published Mar 14, 2014
Tracked Since Feb 18, 2026