ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2012-4396 - Vulnerability Database

ownCloud

ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2012-4396

Medium

Reference: CVE-2012-4396

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-4396

Title: ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php (6) identity to apps/user_openid/settings.php (7) stack name in apps/gallery/lib/tiles.php (8) root parameter to apps/gallery/templates/index.php (9) calendar displayname in apps/calendar/templates/part.import.php (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php (11) title (12) location or (13) description parameter in apps/calendar/lib/object.php (14) certain vectors in core/js/multiselect.js or (15) artist (16) album or (17) title comments parameter in apps/media/lib_scanner.php.