PT-2012-4010 · Owncloud · Owncloud
Lukas Reschke
·
Published
2012-04-20
·
Updated
2025-03-31
·
CVE-2012-2397
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ownCloud versions prior to 3.0.3
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences. This is achieved through vectors involving contacts.
Recommendations
For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to contact-related functionality until the update is applied.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Owncloud