472576 – (CVE-2013-2149) <www-apps/owncloud-{4.0.16,4.5.12,5.0.7}: multiple XSS vulnerabilities (CVE-2013-{2149,2150})

Bug 472576 (CVE-2013-2149) - <www-apps/owncloud-{4.0.16,4.5.12,5.0.7}: multiple XSS vulnerabilities (CVE-2013-{2149,2150})

Summary: <www-apps/owncloud-{4.0.16,4.5.12,5.0.7}: multiple XSS vulnerabilities (CVE-2...

Status:	RESOLVED FIXED

Alias:	CVE-2013-2149

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	http://owncloud.org/about/security/ad...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-06-07 12:30 UTC by Bernard Cafarelli
Modified:	2014-06-08 00:27 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernard Cafarelli gentoo-dev

2013-06-07 12:30:13 UTC

As per $URL

New versions are in tree thanks to robbat2, I have removed the vulnerable ones

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2014-06-08 00:27:04 UTC

CVE-2013-2150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2150):
  Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in
  ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject
  arbitrary web script or HTML via vectors related to shared files.

CVE-2013-2149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2149):
  Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before
  4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject
  arbitrary web script or HTML via vectors related to shared files.