Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-0201
Last Modified: 26 Mar 2014 12:42:32
Published: 18 Mar 2014 01:02:50
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-0201

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.

Vulnerable Systems

Application

  • Owncloud 4.0.0

  • Owncloud 4.0.1

  • Owncloud 4.0.10

  • Owncloud 4.0.2

  • Owncloud 4.0.3

  • Owncloud 4.0.4

  • Owncloud 4.0.5

  • Owncloud 4.0.6

  • Owncloud 4.0.7

  • Owncloud 4.0.8

  • Owncloud 4.0.9

  • Owncloud 4.5.6


References

CONFIRM - https://github.com/owncloud/core/commit/b8e0309

CONFIRM - https://github.com/owncloud/core/commit/4e2b834

XF - owncloud-mime-token-xss(81475)

CONFIRM - http://owncloud.org/about/security/advisories/oC-SA-2013-001

OSVDB - 89511

OSVDB - 89506

OSVDB - 89505


Last Updated: 27 May 2016 11:04:42