1 |
boklm |
27 |
type: security |
2 |
boklm |
35 |
subject: Updated owncloud package fixes security vulnerabilities |
3 |
boklm |
27 |
CVE: |
4 |
|
|
- CVE-2013-2150 |
5 |
|
|
- CVE-2013-2149 |
6 |
|
|
src: |
7 |
|
|
3: |
8 |
|
|
core: |
9 |
|
|
- owncloud-5.0.7-1.mga3 |
10 |
|
|
description: | |
11 |
|
|
Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the |
12 |
|
|
files_videoviewer application via multiple unspecified vectors in all |
13 |
|
|
ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote |
14 |
|
|
attackers to inject arbitrary web script or HTML via shared files |
15 |
|
|
(CVE-2013-2150). |
16 |
|
|
|
17 |
|
|
Cross-site scripting (XSS) vulnerabilities in core/js/oc-dialogs.js via |
18 |
|
|
multiple unspecified vectors in all ownCloud versions prior to 5.0.7 |
19 |
|
|
and other versions before 4.0.16 allows authenticated remote attackers |
20 |
|
|
to inject arbitrary web script or HTML via shared files (CVE-2013-2149). |
21 |
|
|
references: |
22 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10452 |
23 |
|
|
- http://owncloud.org/about/security/advisories/oC-SA-2013-028/ |