fkie_nvd - fkie_cve-2013-1822

fkie_cve-2013-1822

Vulnerability from fkie_nvd

Published

2014-03-14 16:55

Modified

2024-11-21 01:50

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.

References

▼	URL	Tags
	secalert@redhat.com	http://owncloud.org/about/security/advisories/oC-SA-2013-008/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://owncloud.org/about/security/advisories/oC-SA-2013-008/	Vendor Advisory

Impacted products

Vendor	Product	Version
owncloud	owncloud	4.5.0
owncloud	owncloud	4.5.1
owncloud	owncloud	4.5.2
owncloud	owncloud	4.5.3
owncloud	owncloud	4.5.4
owncloud	owncloud	4.5.5
owncloud	owncloud	4.5.6
owncloud	owncloud	4.5.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B362D262-CB7A-4987-AD26-406E20DE9BCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3B9287-AC9F-488B-A6F4-1AC822BBBAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF01655F-80A2-4A6B-9F30-18E39581F971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08AB56D-506A-4D31-AD83-12A5937393B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D723BA-E386-456D-8BC3-91390798B4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75538474-59FA-444C-865C-7B401A491476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9852A84C-BAA9-43E7-BD30-D6F5D752502E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:owncloud:owncloud:4.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC86F25A-605B-4B1C-8E5A-8022CC59619F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) \"share with\" field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en ownCloud 4.5.x anterior a 4.5.8 permiten a usuarios remotos autenticados con privilegios de administrador inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro quota hacia /core/settings/ajax/setquota.php o usuarios remotos autenticados con privilegios de administraci\u00f3n de grupos inyectar script Web o HTML arbitrarios a trav\u00e9s de (2) el campo group hacia settings.php o (3) el campo \"share with\"."
    }
  ],
  "id": "CVE-2013-1822",
  "lastModified": "2024-11-21T01:50:27.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-14T16:55:04.880",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-008/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-1822

Vulnerability from cvelistv5

Published

2014-03-14 16:00

Modified

2024-08-06 15:13