Summary: | <www-apps/owncloud-{4.0.16,4.5.12,5.0.7}: multiple XSS vulnerabilities (CVE-2013-{2149,2150}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bernard Cafarelli <voyageur> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | alexxy, robbat2, voyageur, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://owncloud.org/about/security/advisories/oC-SA-2013-028/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Bernard Cafarelli
2013-06-07 12:30:13 UTC
CVE-2013-2150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2150): Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. CVE-2013-2149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2149): Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. |