Test ID:	1.3.6.1.4.1.25623.1.0.803742
Category:	Web application abuses
Title:	ownCloud 4.0.x < 4.0.10, 4.5.x < 4.5.5 Multiple Vulnerabilities - Active Check
Summary:	ownCloud is prone to cross-site scripting (XSS) and security; bypass vulnerabilities.
Description:	Summary: ownCloud is prone to cross-site scripting (XSS) and security bypass vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The application not verifying permissions when accessing settings.php can be exploited to change the app configuration for user_webdavauth and user_ldap and subsequently login as arbitrary users. - Certain input passed to apps/bookmark/index.php is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow remote attacker to execute arbitrary HTML or script code or discloses sensitive information resulting in loss of confidentiality. Affected Software/OS: ownCloud versions 4.0.x prior to 4.0.10 and 4.5.x prior to 4.5.5. Solution: Update to version 4.0.10, 4.5.5 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5665 BugTraq ID: 57030 http://www.securityfocus.com/bid/57030 http://www.openwall.com/lists/oss-security/2012/12/22/2 http://www.openwall.com/lists/oss-security/2012/12/22/5 http://secunia.com/advisories/51614 XForce ISS Database: owncloud-settings-sec-bypass(80808) https://exchange.xforce.ibmcloud.com/vulnerabilities/80808 Common Vulnerability Exposure (CVE) ID: CVE-2012-5666
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.