CVE-2014-9042

ownCloud < 5.0.18, 6.x < 6.0.6, 7.x < 7.0.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.

References (1)

Core References
Vendor Advisory (x_refsource_confirm): https://owncloud.org/security/advisory/?id=oc-sa-2014-028

Scores

EPSS 0.0019
EPSS Percentile 39.8%

Details

CWE: CWE-79
Status: published
Products (27)
owncloud/owncloud < 5.0.17
owncloud/owncloud_server 5.0.0
owncloud/owncloud_server 5.0.1
owncloud/owncloud_server 5.0.2
owncloud/owncloud_server 5.0.3
owncloud/owncloud_server 5.0.4
owncloud/owncloud_server 5.0.5
owncloud/owncloud_server 5.0.6
owncloud/owncloud_server 5.0.7
owncloud/owncloud_server 5.0.8
... and 17 more
Published Feb 04, 2015
Tracked Since Feb 18, 2026