Vulnerability Details CVE-2013-1822
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v2 Score 2.1
References
Products affected by CVE-2013-1822
-
cpe:2.3:a:owncloud:owncloud_server:4.5.0
-
cpe:2.3:a:owncloud:owncloud_server:4.5.1
-
cpe:2.3:a:owncloud:owncloud_server:4.5.2
-
cpe:2.3:a:owncloud:owncloud_server:4.5.3
-
cpe:2.3:a:owncloud:owncloud_server:4.5.4
-
cpe:2.3:a:owncloud:owncloud_server:4.5.5
-
cpe:2.3:a:owncloud:owncloud_server:4.5.6
-
cpe:2.3:a:owncloud:owncloud_server:4.5.7