CVE-2014-9042

Name of the Vulnerable Software and Affected Versions ownCloud versions prior to 5.0.18 ownCloud versions 6.x prior to 6.0.6 ownCloud versions 7.x prior to 7.0.3

Description The issue is related to a cross-site scripting (XSS) vulnerability in the import functionality of the bookmarks application. This allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol.

Recommendations For ownCloud versions prior to 5.0.18, update to version 5.0.18 or later. For ownCloud versions 6.x prior to 6.0.6, update to version 6.0.6 or later. For ownCloud versions 7.x prior to 7.0.3, update to version 7.0.3 or later.