Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ownCloud 多个跨站脚本漏洞
Vulnerability Description
ownCloud 4.0.2之前版本中存在多个跨站脚本(XSS)漏洞。远程攻击者可利用该漏洞通过(1)文件名传送到apps/user_ldap/settings.php脚本(2)url或(3)title参数传送到apps/bookmarks/ajax/editBookmark.php脚本(4)tag或(5)page参数传送到apps/bookmarks/ajax/updateList.php脚本(6)identity传送到apps/user_openid/settings.php脚本(7)apps/gal
CVSS Information
N/A
Vulnerability Type
N/A