Test ID:	1.3.6.1.4.1.25623.1.0.803741
Category:	Web application abuses
Title:	ownCloud < 4.0.9, 4.5.x < 4.5.2 Multiple Vulnerabilities - Active Check
Summary:	ownCloud is prone to cross-site scripting (XSS) and file upload; vulnerabilities.
Description:	Summary: ownCloud is prone to cross-site scripting (XSS) and file upload vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An input passed via the filename to apps/files_versions/js/versions.js and apps/files/js/filelist.js and event title to 3rdparty/fullcalendar/js/fullcalendar.js is not properly sanitised before being returned to the user. - Certain unspecified input passed to apps/user_webdavauth/settings.php is not properly sanitised before being returned to the user. - An error due to the lib/migrate.php and lib/filesystem.php scripts are not properly verifying uploaded files. Vulnerability Impact: Successful exploitation will allow remote attacker to execute arbitrary HTML or script code or discloses sensitive information resulting in loss of confidentiality. Affected Software/OS: ownCloud versions prior to 4.0.9 and 4.5.x prior to 4.5.2. Solution: Update to version 4.0.9, 4.5.2 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5606 http://www.openwall.com/lists/oss-security/2012/11/30/3 http://secunia.com/advisories/51357 Common Vulnerability Exposure (CVE) ID: CVE-2012-5607 Common Vulnerability Exposure (CVE) ID: CVE-2012-5608 Common Vulnerability Exposure (CVE) ID: CVE-2012-5609 Common Vulnerability Exposure (CVE) ID: CVE-2012-5610
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.