Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:owncloud:owncloud:4.0.7:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-5606 |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to apps/files_versions/js/versions.js or (2) apps/files/js/filelist.js; or (3) event title to 3rdparty/fullcalendar/js/fullcalendar.js. Published: December 17, 2012; 8:55:07 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4392 |
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. Published: September 05, 2012; 7:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |