Reflected XSS in the file list
Platform: ownCloud Server
Risk level: Medium
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
- ownCloud Server < 4.0.5 (CVE-2012-4394)
It is recommended that all instances are upgraded to ownCloud Server 4.0.5.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke – ownCloud Inc. (firstname.lastname@example.org) – Vulnerability discovery and disclosure.