Test ID:	1.3.6.1.4.1.25623.1.0.103645
Category:	Web application abuses
Title:	ownCloud <= 4.0.10, 4.5.x <= 4.5.5 Multiple Vulnerabilities - Active Check
Summary:	ownCloud is prone to an arbitrary-code execution vulnerability,; multiple HTML-injection vulnerabilities and multiple cross-site scripting (XSS) vulnerabilities; because it fails to properly sanitize user-supplied input.
Description:	Summary: ownCloud is prone to an arbitrary-code execution vulnerability, multiple HTML-injection vulnerabilities and multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Impact: Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user and to execute arbitrary code in the context of the web server. Other attacks are also possible. Affected Software/OS: ownCloud versions through 4.0.10 and 4.5.x through 4.5.5. Solution: Vendor updates are available. Please see the references for more information. CVSS Score: 4.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0201 http://osvdb.org/89505 http://osvdb.org/89506 http://osvdb.org/89511 XForce ISS Database: owncloud-mime-token-xss(81475) https://exchange.xforce.ibmcloud.com/vulnerabilities/81475 Common Vulnerability Exposure (CVE) ID: CVE-2013-0202 https://exchange.xforce.ibmcloud.com/vulnerabilities/81476 https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/ Common Vulnerability Exposure (CVE) ID: CVE-2013-0203 https://exchange.xforce.ibmcloud.com/vulnerabilities/81478 Common Vulnerability Exposure (CVE) ID: CVE-2013-0204
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.