Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x prior to 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owncloud owncloud 5.0.4 |
||
owncloud owncloud 5.0.5 |
||
owncloud owncloud 5.0.1 |
||
owncloud owncloud 5.0.3 |
||
owncloud owncloud 5.0.0 |
||
owncloud owncloud 5.0.2 |