CVE-2013-0307

Owncloud < 4.0.11 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

References (1)

[Vendor Advisory] http://owncloud.org/about/security/advisories/oC-SA-2013-003/

Scores

EPSS 0.0028

EPSS Percentile 51.5%

Details

CWE

CWE-79

Status published

Products (24)

owncloud/owncloud < 4.0.11

owncloud/owncloud_server

... and 14 more

Published Mar 14, 2014

Tracked Since Feb 18, 2026