Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9042

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-9042
Last Modified 05 Feb 2015 10:20:32
Published 04 Feb 2015 01:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-9042

Summary

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.

Vulnerable Systems

Application

  • Owncloud 5.0.0

  • Owncloud 5.0.1

  • Owncloud 5.0.10

  • Owncloud 5.0.11

  • Owncloud 5.0.12

  • Owncloud 5.0.13

  • Owncloud 5.0.14

  • Owncloud 5.0.15

  • Owncloud 5.0.16

  • Owncloud 5.0.17

  • Owncloud 5.0.2

  • Owncloud 5.0.3

  • Owncloud 5.0.4

  • Owncloud 5.0.5

  • Owncloud 5.0.6

  • Owncloud 5.0.7

  • Owncloud 5.0.8

  • Owncloud 5.0.9

  • Owncloud 6.0.0

  • Owncloud 6.0.1

  • Owncloud 6.0.2

  • Owncloud 6.0.3

  • Owncloud 6.0.4

  • Owncloud 6.0.5

  • Owncloud 7.0.0

  • Owncloud 7.0.1

  • Owncloud 7.0.2


References

CONFIRM - https://owncloud.org/security/advisory/?id=oc-sa-2014-028


Last Updated: 27 May 2016 11:07:42