CVE-2013-1890
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0030 (0.3%)
Percentile: 52.9%
EPSS: 2026-05-06
Affects
owncloud:owncloudTechnical description
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
Published: 3/9/2014, 1:16:56 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://owncloud.org/about/security/advisories/oC-SA-2013-011
- http://www.securityfocus.com/bid/58852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83245
- http://owncloud.org/about/security/advisories/oC-SA-2013-011
- http://www.securityfocus.com/bid/58852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83245