Multiple cross-site scripting (XSS) vulnerabilities in ownCloud prior to 4.0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owncloud owncloud 3.0.3 |
||
owncloud owncloud 3.0.2 |
||
owncloud owncloud 3.0.1 |
||
owncloud owncloud 3.0.0 |
||
owncloud owncloud |