CVE-2014-3833

Owncloud < 5.0.15 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.

References (1)

[Vendor Advisory] http://owncloud.org/about/security/advisories/oc-sa-2014-010

Scores

EPSS 0.0026

EPSS Percentile 49.5%

Details

CWE

CWE-79

Status published

Products (21)

owncloud/owncloud < 5.0.15

owncloud/owncloud_server

... and 11 more

Published Jun 04, 2014

Tracked Since Feb 18, 2026