CVE-2014-1665: XSS
First published: Tue Mar 20 2018(Updated: )
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud ownCloud | <6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-1665?
The severity of CVE-2014-1665 is medium with a CVSS score of 5.4.
How does CVE-2014-1665 affect ownCloud?
CVE-2014-1665 affects ownCloud versions up to and exclusive of 6.0.1.
What is the CWE category of CVE-2014-1665?
CVE-2014-1665 falls under CWE category 79.
How can remote authenticated users exploit CVE-2014-1665?
Remote authenticated users can exploit CVE-2014-1665 by injecting arbitrary web script or HTML through the filename of an uploaded file.
Are there any known references for CVE-2014-1665?
Yes, there are references available at the following links: [1](http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html), [2](http://www.securityfocus.com/bid/65457), and [3](https://exchange.xforce.ibmcloud.com/vulnerabilities/91012).
- collector/nvd-index
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/owncloud
- canonical/owncloud owncloud