CVE-2012-2398 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2398): Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE-2012-2397 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2397): Cross-site request forgery (CSRF) vulnerability in ownCloud 3.0.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
IS it a duplicate of 412899 ?
(In reply to comment #1) > IS it a duplicate of 412899 ? It absolutely is. *** This bug has been marked as a duplicate of bug 412899 ***
