Test ID:	1.3.6.1.4.1.25623.1.0.804412
Category:	Web application abuses
Title:	ownCloud Multiple XSS and SQL Injection Vulnerabilities
Summary:	ownCloud is prone to multiple XSS and SQL injection vulnerabilities.
Description:	Summary: ownCloud is prone to multiple XSS and SQL injection vulnerabilities. Vulnerability Insight: - Input passed via the 'new_name' POST parameter to /apps/bookmarks/ajax/renameTag.php is not properly sanitised before being used. - Certain unspecified input passed to some files in apps/contacts/ajax/ is not properly sanitised before being used. - Certain unspecified input passed to addressbookprovider.php is not properly sanitised before being used in a SQL query. Vulnerability Impact: Successful exploitation will allow remote attacker to inject or manipulate SQL queries in the back-end database or conduct script insertion. Affected Software/OS: ownCloud Server before version 5.0.1 Solution: Update to version 5.0.1 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1893 BugTraq ID: 58855 http://www.securityfocus.com/bid/58855 XForce ISS Database: owncloud-addressbookprovider-sql-injection(83253) https://exchange.xforce.ibmcloud.com/vulnerabilities/83253 Common Vulnerability Exposure (CVE) ID: CVE-2013-1890 BugTraq ID: 58852 http://www.securityfocus.com/bid/58852 XForce ISS Database: owncloud-cve20131890-multiple-xss(83245) https://exchange.xforce.ibmcloud.com/vulnerabilities/83245
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.