CVSS: 4.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2043
https://notcve.org/view.php?id=CVE-2013-2043
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. apps/calendar/ajax/events.php en ownCloud anterior a 4.5.11 y 5.x anterior a 5.0.6 no comprueba debidamente la propiedad de un calendario, lo que permite a usuarios remotos autenticados descargar calendarios arbitrarios a través del parámetro calendar_id. • http://owncloud.org/about/security/advisories/oC-SA-2013-024 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 31EXPL: 0CVE-2013-2039
https://notcve.org/view.php?id=CVE-2013-2039
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en lib/files/view.php en ownCloud anterior a 4.0.15, 4.5.x 4.5.11 y 5.x anterior a 5.0.6 permite a usuarios remotos autenticados acceder a archivos arbitrarios a través de vectores no especificados. • http://owncloud.org/about/security/advisories/oC-SA-2013-020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2013-0298
https://notcve.org/view.php?id=CVE-2013-0298
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php. Múltiples vulnerabilidades de XSS en ownCloud 4.5.x anterior a 4.5.7 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de (1) un archivo iCalendar manipulado hacia la aplicación calendar, el parámetro (2) dir o (3) file hacia apps/files_pdfviewer/viewer.php o el (4) parámetro mountpoint hacia /apps/files_external/addMountPoint.php. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0297
https://notcve.org/view.php?id=CVE-2013-0297
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php. Múltiples vulnerabilidades de XSS en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permiten a administradores remotos autenticados inyectar script Web o HTML arbitrarios a través del parámetro (1) site_name o (2) site_url hacia apps/external/ajax/setsites.php. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0CVE-2013-0307
https://notcve.org/view.php?id=CVE-2013-0307
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter. Vulnerabilidad de XSS en settings.php en ownCloud anterior a 4.0.12 y 4.5.x anterior a 4.5.7 permite a administradores remotos inyectar script Web o HTML arbitrarios a través del parámetro del campo de entrada group. • http://owncloud.org/about/security/advisories/oC-SA-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •