CVE-2013-2041

Name of the Vulnerable Software and Affected Versions ownCloud versions 5.0.0 through 5.0.5

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via the tag parameter to "apps/bookmarks/ajax/addBookmark.php" or the dir parameter to "apps/files/ajax/newfile.php", which is then passed to apps/files/js/files.js.

Recommendations For ownCloud versions 5.0.0 through 5.0.5, update to version 5.0.6 or later to resolve the issue.