CVE-2012-4397

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.

Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ownCloud anterior a v4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del displayname calendar para part.choosecalendar.rowfields.php o (2) part.choosecalendar.rowfields.shared.php en apps/calendar/templates/; o (3) vectores no especificados para apps/contacts/lib/vcard.php.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-21 CVE Reserved
2012-09-05 CVE Published
2024-09-17 CVE Updated
2024-09-17 First Exploit
2024-09-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (5)

URL	Tag	Source
http://owncloud.org/changelog	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2012/08/11/1	Mailing List
http://www.openwall.com/lists/oss-security/2012/09/02/2	Mailing List

URL	Date	SRC
https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e	2024-09-17

URL	Date	SRC
https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3	2012-09-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Owncloud Search vendor "Owncloud"		Owncloud Search vendor "Owncloud" for product "Owncloud"				<= 4.0.0 Search vendor "Owncloud" for product "Owncloud" and version " <= 4.0.0"		-		Affected
Owncloud Search vendor "Owncloud"		Owncloud Search vendor "Owncloud" for product "Owncloud"				3.0.0 Search vendor "Owncloud" for product "Owncloud" and version "3.0.0"		-		Affected
Owncloud Search vendor "Owncloud"		Owncloud Search vendor "Owncloud" for product "Owncloud"				3.0.1 Search vendor "Owncloud" for product "Owncloud" and version "3.0.1"		-		Affected
Owncloud Search vendor "Owncloud"		Owncloud Search vendor "Owncloud" for product "Owncloud"				3.0.2 Search vendor "Owncloud" for product "Owncloud" and version "3.0.2"		-		Affected
Owncloud Search vendor "Owncloud"		Owncloud Search vendor "Owncloud" for product "Owncloud"				3.0.3 Search vendor "Owncloud" for product "Owncloud" and version "3.0.3"		-		Affected