CVE-2013-2042
ownCloud < 4.0.15, 4.5.x < 4.5.11, 5.0.x < 5.0.6 - Authenticated Cross-Site Scripting via Bookmark URL Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark.php or (2) apps/bookmarks/ajax/editBookmark.php.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/oC-SA-2013-021/
Scores
EPSS
0.0019
EPSS Percentile
39.8%
Details
CWE
CWE-79
Status
published
Products (31)
owncloud/owncloud
< 4.0.14
owncloud/owncloud_server
4.0.0
owncloud/owncloud_server
4.0.1
owncloud/owncloud_server
4.0.2
owncloud/owncloud_server
4.0.3
owncloud/owncloud_server
4.0.4
owncloud/owncloud_server
4.0.5
owncloud/owncloud_server
4.0.6
owncloud/owncloud_server
4.0.7
owncloud/owncloud_server
4.0.8
... and 21 more
Published
Mar 14, 2014
Tracked Since
Feb 18, 2026