Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-9042 - Vulnerability Database
ownCloud

ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-9042

Low
Reference: CVE-2014-9042
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9042
Title: ownCloud Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.