CVE-2013-2041

Published Mar 14, 2014

Last updated 6 days ago

CVSS info 3.5

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/ajax/newfile.php, which is passed to apps/files/js/files.js.
Source: secalert@redhat.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D89BE316-CE49-49CB-85FB-B93C86E07276"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD902884-4F28-4AF6-A8D7-A6CD15048B0C"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B18395A6-B385-4ADB-9278-5F59FF339F1F"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94834DA8-247E-4A53-A95A-708AF7F9AC4E"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35203A98-76CE-4475-9C4A-60E6A1990B8A"
          },
          {
            "criteria": "cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1C940B-E6FE-41D5-8313-E6498331E9F5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References