CVE-2013-0202

Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
redhatCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
owncloudowncloud_server
4.0.0 ≤
𝑥
< 4.0.11
owncloudowncloud_server
4.5.0 ≤
𝑥
< 4.5.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
owncloudowncloud
4.5.5
CNA
owncloudowncloud
4.0.10
CNA
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
owncloud
hardy
dne
lucid
dne
oneiric
ignored
precise
not-affected
quantal
ignored
raring
not-affected
saucy
not-affected
trusty
dne
utopic
dne
vivid
dne
wily
dne
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476
https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476
https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/