CVE-2013-2150

Owncloud Server < 4.5.11 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

References (1)

[Patch, Vendor Advisory] http://owncloud.org/about/security/advisories/oC-SA-2013-028/

Scores

EPSS 0.0019

EPSS Percentile 40.0%

Details

CWE

CWE-79

Status published

Products (41)

owncloud/owncloud_server

owncloud/owncloud < 4.5.11

owncloud/owncloud_server

... and 31 more

Published Mar 14, 2014

Tracked Since Feb 18, 2026