CVE-2014-9042

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol.  NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
owncloudowncloud
𝑥
≤ 5.0.17
owncloudowncloud_server
5.0.0
owncloudowncloud_server
5.0.1
owncloudowncloud_server
5.0.2
owncloudowncloud_server
5.0.3
owncloudowncloud_server
5.0.4
owncloudowncloud_server
5.0.5
owncloudowncloud_server
5.0.6
owncloudowncloud_server
5.0.7
owncloudowncloud_server
5.0.8
owncloudowncloud_server
5.0.9
owncloudowncloud_server
5.0.10
owncloudowncloud_server
5.0.11
owncloudowncloud_server
5.0.12
owncloudowncloud_server
5.0.13
owncloudowncloud_server
5.0.14
owncloudowncloud_server
5.0.14:a
owncloudowncloud_server
5.0.15
owncloudowncloud_server
5.0.16
owncloudowncloud_server
6.0.0
owncloudowncloud_server
6.0.1
owncloudowncloud_server
6.0.2
owncloudowncloud_server
6.0.3
owncloudowncloud_server
6.0.4
owncloudowncloud_server
6.0.5
owncloudowncloud_server
7.0.0
owncloudowncloud_server
7.0.1
owncloudowncloud_server
7.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://owncloud.org/security/advisory/?id=oc-sa-2014-028
https://owncloud.org/security/advisory/?id=oc-sa-2014-028