XSS Vulnerability in MediaElement.js (oC-SA-2013-017)
19th April 2013
Risk level: High
This vulnerability exists in the bundled third-party plugin “MediaElement.js”. MediaElement.js has released version 2.11.2, which addresses the problem.
- ownCloud Server < 5.0.5 (CVE-2013-1967)
- ownCloud Server < 4.5.10 (CVE-2013-1967)
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Malte Batram - Vulnerability discovery and disclosure.