Published: 20/04/2012 Updated: 04/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 3.0.3 allow remote malicious users to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
owncloud owncloud 3.0.0
owncloud owncloud
owncloud owncloud 3.0.1

ownCloud version 300 suffers from cross site scripting and open redirection vulnerabilities ...

CWE-79 http://secunia.com/advisories/48850 http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt http://www.openwall.com/lists/oss-security/2012/09/02/2 http://owncloud.org/security/advisories/CVE-2012-2269/http://www.openwall.com/lists/oss-security/2012/08/11/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/75028 http://www.securityfocus.com/bid/53145 http://osvdb.org/81210 http://osvdb.org/81209 http://osvdb.org/81208 http://osvdb.org/81207 http://osvdb.org/81206 http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html https://nvd.nist.gov https://packetstormsecurity.com/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2269

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect