Nixpkgs Security Tracker

Dismissed

Permalink CVE-2013-0202

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed package owncloud-client 1 month ago
@LeSuisse dismissed 1 month ago

Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier …

Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.

References

https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 x_refsource_MISC x_transferred
https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ x_refsource_MISC x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 x_refsource_MISC
https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 x_refsource_MISC x_transferred
https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ x_refsource_MISC x_transferred

Affected products

ownCloud

==4.0.10
==and earlier
==4.5.5

Ignored packages (1)

pkgs.owncloud-client

Synchronise your ownCloud with your computer using this desktop client

nixos-unstable 6.0.3
- nixpkgs-unstable 6.0.3
- nixos-unstable-small 6.0.3
nixos-25.11 5.3.2
- nixos-25.11-small 5.3.2
- nixpkgs-25.11-darwin 5.3.2

Not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.owncloud-client