CVE-2012-2269: XSS
First published: Fri Apr 20 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud | <=3.0.2 | |
| ownCloud | =3.0.0 | |
| ownCloud | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html
- http://osvdb.org/81206
- http://osvdb.org/81207
- http://osvdb.org/81208
- http://osvdb.org/81209
- http://osvdb.org/81210
- http://owncloud.org/security/advisories/CVE-2012-2269/
- http://secunia.com/advisories/48850
- http://www.openwall.com/lists/oss-security/2012/08/11/1
- http://www.openwall.com/lists/oss-security/2012/09/02/2
- http://www.securityfocus.com/bid/53145
- http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75028
Frequently Asked Questions
What is the severity of CVE-2012-2269?
CVE-2012-2269 has a medium severity rating due to the potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2012-2269?
To fix CVE-2012-2269, upgrade your ownCloud installation to version 3.0.3 or higher.
What types of vulnerabilities are associated with CVE-2012-2269?
CVE-2012-2269 is associated with multiple cross-site scripting (XSS) vulnerabilities.
What software versions are affected by CVE-2012-2269?
The affected versions of ownCloud include 3.0.0 to 3.0.2.
Can CVE-2012-2269 lead to unauthorized access?
Yes, CVE-2012-2269 can potentially allow remote attackers to execute arbitrary web scripts or HTML, leading to unauthorized access.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/owncloud
- canonical/owncloud
- version/owncloud/3.0.2
- version/owncloud/3.0.0
- version/owncloud/3.0.1