Bug 461704 - <www-apps/owncloud-{4.0.13,4.5.8}: multiple security issues (CVE-2013-{1822,1850,1851})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://owncloud.org/changelog/
Whiteboard: ~4 [noglsa]
Duplicates: 461702
Reported: 2013-03-14 08:54 UTC by Bernard Cafarelli
Modified: 2014-06-08 00:32 UTC
Description Bernard Cafarelli gentoo-dev 2013-03-14 08:54:12 UTC
See upstream changelog

New versions bumped in tree (4.0.13, 4.5.8, 5.0.0), and vulnerable ones were removed
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2013-03-14 12:59:05 UTC
(In reply to comment #0)
> See upstream changelog
> 
> New versions bumped in tree (4.0.13, 4.5.8, 5.0.0), and vulnerable ones were
> removed

Thanks, Bernard!

Closing noglsa for ~arch only.
Comment 2 Bernard Cafarelli gentoo-dev 2013-03-14 18:02:16 UTC
*** Bug 461702 has been marked as a duplicate of this bug. ***
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-06-08 00:32:36 UTC
CVE-2013-1851 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1851):
  Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before
  4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled,
  allows remote authenticated users to import arbitrary files to the user's
  account via unspecified vectors.

CVE-2013-1850 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1850):
  Multiple incomplete blacklist vulnerabilities in (1) import.php and (2)
  ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x
  before 4.5.8 allow remote authenticated users to execute arbitrary PHP code
  by uploading a .htaccess file.

CVE-2013-1822 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1822):
  Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before
  4.5.8 allow remote authenticated users with administrator privileges to
  inject arbitrary web script or HTML via the (1) quota parameter to
  /core/settings/ajax/setquota.php, or remote authenticated users with group
  admin privileges to inject arbitrary web script or HTML via the (2) group
  field to settings.php or (3) "share with" field.