ownCloud ServerInsufficient RSA Host Key validation in files_external (SFTP driver)Local file inclusion in coreMultiple XSSImproper authorization checks in contactsImproper authorization checks in files_external
XSS Vulnerability in MediaElement.js (oC-SA-2013-017)
19th April 2013
Risk level: High
This vulnerability exists in the bundled 3rdparty plugin “MediaElement.js”, “MediaElement.js” released version 2.11.2 which addresses the problem.
- ownCloud Server < 5.0.5 (CVE-2013-1967)
- ownCloud Server < 4.5.10 (CVE-2013-1967)
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Malte Batram - () - Vulnerability discovery and disclosure.