CVE-2013-2042

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 4.0.15 ownCloud versions 4.5.x prior to 4.5.11 ownCloud versions 5.0.x prior to 5.0.6

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This is achieved via the url parameter to specific API endpoints, such as "/apps/bookmarks/ajax/addBookmark.php" or "/apps/bookmarks/ajax/editBookmark.php".

Recommendations For ownCloud versions prior to 4.0.15, update to version 4.0.15 or later. For ownCloud versions 4.5.x prior to 4.5.11, update to version 4.5.11 or later. For ownCloud versions 5.0.x prior to 5.0.6, update to version 5.0.6 or later.