Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-28644
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
Owncloud Owncloud
4.3
CVSSv2
CVE-2020-16255
ownCloud (Core) prior to 10.5 allows XSS in login page 'forgot password.'
Owncloud Owncloud
4.3
CVSSv2
CVE-2014-2050
Cross-site request forgery (CSRF) vulnerability in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2 allows remote malicious users to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
Owncloud Owncloud
4.3
CVSSv2
CVE-2013-0202
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and previous versions allows remote malicious users to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
Owncloud Owncloud
4.3
CVSSv2
CVE-2017-8896
ownCloud Server prior to 8.2.12, 9.0.x prior to 9.0.10, 9.1.x prior to 9.1.6, and 10.0.x prior to 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
Owncloud Owncloud
4.3
CVSSv2
CVE-2016-9459
Nextcloud Server prior to 9.0.52 & ownCloud Server prior to 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivere...
Owncloud Owncloud
Nextcloud Nextcloud Server
4.3
CVSSv2
CVE-2016-9466
Nextcloud Server prior to 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could infl...
Owncloud Owncloud
Nextcloud Nextcloud Server
4.3
CVSSv2
CVE-2017-5865
The password reset functionality in ownCloud Server prior to 8.1.11, 8.2.x prior to 8.2.9, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 sends different error messages depending on whether the username is valid, which allows remote malicious users to enumerate user names via a l...
Owncloud Owncloud 8.2.5
Owncloud Owncloud 9.0.0
Owncloud Owncloud 8.2.7
Owncloud Owncloud 9.0.6
Owncloud Owncloud 8.2.6
Owncloud Owncloud 8.2.4
Owncloud Owncloud 9.0.4
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.1.2
Owncloud Owncloud 9.0.3
Owncloud Owncloud 8.2.2
Owncloud Owncloud 9.0.5
Owncloud Owncloud 8.2.8
Owncloud Owncloud
Owncloud Owncloud 9.0.2
Owncloud Owncloud 8.2.3
Owncloud Owncloud 9.1.1
Owncloud Owncloud 9.1.0
4.3
CVSSv2
CVE-2016-5876
ownCloud server prior to 8.2.6 and 9.x prior to 9.0.3, when the gallery app is enabled, allows remote malicious users to download arbitrary images via a direct request.
Owncloud Owncloud 9.0.0
Owncloud Owncloud
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.0.2
4.3
CVSSv2
CVE-2016-1498
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server prior to 7.0.12, 8.0.x prior to 8.0.10, 8.1.x prior to 8.1.5, and 8.2.x prior to 8.2.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors ...
Owncloud Owncloud 8.0.5
Owncloud Owncloud
Owncloud Owncloud 8.1.3
Owncloud Owncloud 8.2.1
Owncloud Owncloud 8.0.3
Owncloud Owncloud 8.0.4
Owncloud Owncloud 8.2.0
Owncloud Owncloud 8.0.9
Owncloud Owncloud 8.0.8
Owncloud Owncloud 8.1.4
Owncloud Owncloud 8.1.0
Owncloud Owncloud 8.0.2
Owncloud Owncloud 8.0.6
Owncloud Owncloud 8.0.0
Owncloud Owncloud 8.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »