CVE-2014-3832: XSS
First published: Wed Jun 04 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the print_unescaped function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ownCloud | =6.0.0 | |
| ownCloud | =6.0.1 | |
| ownCloud | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3832?
CVE-2014-3832 has a medium severity rating due to its potential for cross-site scripting attacks.
How do I fix CVE-2014-3832?
To fix CVE-2014-3832, upgrade ownCloud Server to version 6.0.3 or later.
What types of attacks are possible due to CVE-2014-3832?
CVE-2014-3832 allows remote attackers to perform cross-site scripting attacks by injecting arbitrary web scripts or HTML.
Which versions of ownCloud are affected by CVE-2014-3832?
CVE-2014-3832 affects ownCloud Server versions 6.0.0 through 6.0.2.
Is user data compromised by CVE-2014-3832?
While CVE-2014-3832 primarily allows script injection, it can lead to further exploitation that may compromise user data.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/owncloud
- canonical/owncloud
- version/owncloud/6.0.0
- version/owncloud/6.0.1
- version/owncloud/6.0.2